redline | 0x0006000000023227-34[.]dat | Triage

Sharing

General

Target

0x0006000000023227-34.dat
Size

174KB
MD5

da7466f41f5e0d2db5976e72566bceea
SHA1

0944c366cd2a7939a72e8b273bc389b9027189c6
SHA256

2e0c8d9cbc7bccb50e989d2214ec24bc04869e0901587a1a647c3aa29bf132cd
SHA512

932bc3320763fcd10ce59d1318b4374b1c7ba31038ed5736a68716e07c665d8d79fabafa9d89607d5107a7e47e5080f0726ccb4bc897ebe75cc3669627acb04b
SSDEEP

3072:HmVenX0I0V916dOBCymtjvqE0WIkuvwJx8e8hN:Hmq0I0V9161DqE0Vvwn

Score

10^/10

luate redline

Malware Config

Extracted

Family

redline

Botnet

luate

C2

77.91.124.55:19071

Attributes

auth_value
e45cd419aba6c9d372088ffe5629308b

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0006000000023227-34.dat

Files

0x0006000000023227-34.dat
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ