redline | b2c6fe2d48502fdd3530f2dfcb2d4f6a[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b2c6fe2d48502fdd3530f2dfcb2d4f6a.exe
Size

178KB
MD5

b2c6fe2d48502fdd3530f2dfcb2d4f6a
SHA1

0bf975bd2b4dfd2286a42711ca79cbb4097992f2
SHA256

83b846c3ec077cbe339faa5aac5a7878672665005a25a58afe1f0c6cb86843d3
SHA512

934a742518a91d96e6963096a926bb58e74a268549df8c9bc4fe9498802e273a9f81b4e634080e14112dfed18613ea037096a657a0e32c6159c6f549ed5e8165
SSDEEP

3072:0kbOIXImZEXIgeu5cN3KohrqvE0mdGZGqNJJ18e8hH:0kyIhZEXIgeQxmrqvE0mBqNJT

Score

10^/10

@iamsodeppt redline

Malware Config

Extracted

Family

redline

Botnet

@iamsodeppt

C2

80.85.152.191:27465

Attributes

auth_value
b3a4c7bb69b0a9c7e9bc67228a2f6df0

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2c6fe2d48502fdd3530f2dfcb2d4f6a.exe

Files

b2c6fe2d48502fdd3530f2dfcb2d4f6a.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ