redline | c2655f3d4ce5ee7e0a85e9babdf85ab6[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c2655f3d4ce5ee7e0a85e9babdf85ab6.bin
Size

65KB
MD5

77633d2ba6978c411712ea8f794befff
SHA1

336b1b944514a1ceab5f0edd0e6e39f3d47a33ff
SHA256

c7fb1770ec0d250496fc008146bb9f6af19d900c84c0677ebc6d72b7ba8a4c80
SHA512

9e027493e607ceada3ab6a997286ed991e83b043e57cacb922de924fb1d94607756d85817c319472fff63e6f98ac516269a9dd0c8b32afcb5f801708a593d506
SSDEEP

1536:sKgspmJOtfxS5k8et2CALf+0l/n7IqETY1DuSv8DHswY:sKRkJOtZ0k8etB0fLn74uKZC

Score

10^/10

sq1 redline

Malware Config

Extracted

Family

redline

Botnet

sq1

C2

185.225.74.51:44767

Attributes

auth_value
698af4e4684b19e1acea9a7ebb86fc9b

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/33b91e0bd97d6a7c4ffbfd6666ce7af5d20f0083a817ffbcb4c693b413e11e39.exe

Files

c2655f3d4ce5ee7e0a85e9babdf85ab6.bin
.zip

Password: infected
33b91e0bd97d6a7c4ffbfd6666ce7af5d20f0083a817ffbcb4c693b413e11e39.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ