redline | 0x0005000000018fa7-67[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0005000000018fa7-67.dat
Size

174KB
MD5

cd09f55dd03b0d6c99d93b0f06c15f2b
SHA1

4982000c4f2f383caebd2e05dde8c3bee7a588d9
SHA256

71f681f15aa8ce2ccc208f772a6607a3eb60f4954b3e02fd46a3d1be4d88ef1f
SHA512

69f0dba885a6ef620b556d30f63122560e99c1814cfe530afa04ba32d4c979938f0c7a1980a2a5df78d9813bbdeb96e297fa9583882f353dfd5824d91a8e791b
SSDEEP

3072:rhcAmySI0PC7vZObhfDmj/BRaUTE0EY4SJY8e8h8:rhNSI0PC7vjCUTE0d+

Score

10^/10

domka redline

Malware Config

Extracted

Family

redline

Botnet

domka

C2

77.91.124.82:19071

Attributes

auth_value
74e19436acac85e44d691aebcc617529

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0005000000018fa7-67.dat

Files

0x0005000000018fa7-67.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ