redline | 0x00070000000231d0-74[.]dat | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x00070000000231d0-74.dat
Size

173KB
MD5

912454c3dec1c012d53eb5c12f8e0e19
SHA1

5db1df581fa8dba09171e328a4778b14a857819d
SHA256

b8dd79e607b4516ca2b92ddece53d85c378b808bb1fb51935bf778a2fe6a5a9d
SHA512

7ab8795e7679aff2697bd68b28d34c777e912e790eb46a8416f79c8c2c6dad37bdf438c00508b76dd3fd369e30e2d9f5d70c884e2bcc9a641dc07e00e32d1963
SSDEEP

3072:AmJOPRIaXI0TIakh+OQhqV+wp5/aif4E0+6OKj0ap0HijJL8e8hh:dJObXI0TIakh4pE4E0/Odap0Hijd

Score

10^/10

kendo redline

Malware Config

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes

auth_value
5a22a881561d49941415902859b51f14

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x00070000000231d0-74.dat

Files

0x00070000000231d0-74.dat
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ