redline | h8027624[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

h8027624.exe
Size

174KB
MD5

0c1f0c2b626ad136acd470c3a0f8be92
SHA1

08d9c1279c608b3b9afdd7bd508326a8839f3354
SHA256

89dbfab9a35df72569b07d969a7d3d70f8529c2818675c11343e00fe4edb91d0
SHA512

3aadf4200e50a559e644ab81fec136039969a4dbe62655dce88bfc8743bfc291269a8d4e1a51cf3f6467dfd06c7276fd4ef6b5a0706e59056181aa0d3e551b98
SSDEEP

3072:0GRk2OCSnBI0eVY+UxO5FY+bZHoGAxIcE0MLEXs08JYJw8e8hO:22EBI0eVVU0ZIGACcE0ot08JY2

Score

10^/10

petin redline

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes

auth_value
f6cf7a48c0291d1ef5a3440429827d6d

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
h8027624.exe

Files

h8027624.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ