redline | i4010428[.]exe | Triage

Sharing

General

Target

i4010428.exe
Size

174KB
MD5

33abc9f104e93cb1167ecaeb6aa5619a
SHA1

2b55dd7048e24eb85932988ac20e05bba02b3db1
SHA256

cd3d877fb255cf900906bb2a47fbeac5cf79d44cfe6bf3d479c81ac7e11711ae
SHA512

14fe6ffae1f0fd836f1343e61fa01331df6582195236df9b43398ef02404be1e84f645b448fe90c02ab3b08cf647982d7ab362d91d7d7859b0a82bd89e5955ed
SSDEEP

3072:jzyDoUefdkPI0iGEndlOzQnvqmqtlMyNhE04ys4x7sJo8e8hy:fHUjPI0iGEnd2msDNhE09x7su

Score

10^/10

jonka redline

Malware Config

Extracted

Family

redline

Botnet

jonka

C2

77.91.124.73:19071

Attributes

auth_value
c95bc30cd252fa6dff2a19fd78bfab4e

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
i4010428.exe

Files

i4010428.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ