redline | 20[.]171[.]68[.]88[.]exe | Triage

Sharing

General

Target

20.171.68.88.exe
Size

174KB
MD5

3caaf74ee8b28fbeabc4c928f5a17eea
SHA1

d087dbbbe345d8f4da5e1a3787f39f041100f552
SHA256

c6d6baaecb6bea382f8eae460dd60a788197f57b582f33b15c3bb9d70929013b
SHA512

f63ebe19a71fb12d0afe10a033300f7435dff4f9d39d02aea220f90f1abf6d53786dfcf96dd8f30e61fc7581e0f044da212e61cd73227dc8c279922576a826bf
SSDEEP

3072:SNSWel+I0cPzKnOm79UExpE0sfjG6sJo8e8hC:SN6+I0cPzKDxpE0yatO

Score

10^/10

@rengli_sh redline

Malware Config

Extracted

Family

redline

Botnet

@rengli_sh

C2

20.171.68.88:21887

Attributes

auth_value
c371cfb30fab460c373488f3ccb14b08

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20.171.68.88.exe

Files

20.171.68.88.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ