redline | 0x000500000001949c-65[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x000500000001949c-65.dat
Size

174KB
MD5

6697c7816400fef0b891d5eb760a159b
SHA1

b050fc7d159110c1c2d1abb57c26c7e539781013
SHA256

78f208d721982fb33d61f7aee34416ea468f93bd98acee1b12044b36466f5498
SHA512

0ac36c7acc99bae2bdea4ed3f67f9cb0140da8c5fee937a5691d1b8fb51e5241f4cc022fe5dae03ecb97faabe7a9084c1bc8b3286c0caf542b4b6e687d0edc0d
SSDEEP

3072:rhcAmySI0PC7vZObhfDmj/BRaUTE0EY4SJY8e8h8:rhNSI0PC7vjCUTE0d+

Score

10^/10

domka redline

Malware Config

Extracted

Family

redline

Botnet

domka

C2

77.91.124.82:19071

Attributes

auth_value
74e19436acac85e44d691aebcc617529

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x000500000001949c-65.dat

Files

0x000500000001949c-65.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ