redline | 94e24ffd861a47bfbec8f6263bb76284[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

94e24ffd861a47bfbec8f6263bb76284.bin
Size

130KB
MD5

9e502bc7fb2f0c6a452dbe1ab2d166e3
SHA1

eadf18e06129fcd6fa16da3c6c14dfa65626ba01
SHA256

6376bd97014e0e4af0a43e3e504d3cec8d208f0adcf7638b4e3b8904928f4b5e
SHA512

82ffd06b00013d009c94b87e6a626e2e11b0b9248845507c38c764758398613442c634e72889461ec432bc15d2f2514398a1985273daca0d038738a43c06fa75
SSDEEP

3072:qpz8FC8d3P1rFSqkdtTdT27PQC3X5KQxRNY:szGd3P1rFSqTPQC3X5KE/Y

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/1c5a7b286a452bfe4ca2ccf6f548260de52705608c93c7fe49092ed8c21d50d7.exe	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1c5a7b286a452bfe4ca2ccf6f548260de52705608c93c7fe49092ed8c21d50d7.exe

Files

94e24ffd861a47bfbec8f6263bb76284.bin
.zip

Password: infected
1c5a7b286a452bfe4ca2ccf6f548260de52705608c93c7fe49092ed8c21d50d7.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ