redline | 0x000500000001956e-110[.]dat | Triage

Sharing

General

Target

0x000500000001956e-110.dat
Size

174KB
MD5

ebb069a8c4ab893f77ff5556df2fc73d
SHA1

a03f5a61af3a3b3669339f6e2b15fa1328b97464
SHA256

40e9bcb1a4f9de51c2634e84f227076cf5e0ffa9c46759329a9e13e5e23fcf06
SHA512

a5c75238b5618a96c15b0c3369d7a23a104b8ee4705bb6b23c7380bc31ae758222c4aa5ae6e4c764237e1a65ed8c4114b3c07b02c52b2a6d0c7805267859f635
SSDEEP

3072:8QiX1vTI0EVXvWOti2i6t8CE0CI0XkNvlnMDJz8e8hZ:8QgTI0EVXvV8CE0KkNvlnMDF

Score

10^/10

regta redline

Malware Config

Extracted

Family

redline

Botnet

regta

C2

77.91.124.54:19071

Attributes

auth_value
c6f537c6f0415ea7760a9bc81f48c756

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x000500000001956e-110.dat

Files

0x000500000001956e-110.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ