redline | NEAS[.]NEAS303beac4f4f77b0b7c6ca8e9941594b740f2ddcf411e75d8b956362c26378c26exeexe_JC[.]exe

General

Target

NEAS.NEAS303beac4f4f77b0b7c6ca8e9941594b740f2ddcf411e75d8b956362c26378c26exeexe_JC.exe
Size

1.1MB
MD5

c4b66fda55f6b1d53441863eaa5fc077
SHA1

1d81c020f000356d4131c7d6714e925f6d910d6b
SHA256

303beac4f4f77b0b7c6ca8e9941594b740f2ddcf411e75d8b956362c26378c26
SHA512

8a3afc7af38a19b567255e9505d5ed3175222b37ec7710449f677cdf33aa7992b01024e6acedf75e6b4b43319542f426dfdb54d4709b125fa54a71a257364919
SSDEEP

24576:FrMAcNgceoG0UGs04G9Lop517ceWAQZ/GmFwUfGQbTv:FXxO9LQ17nWp/DFwU+S

Score

10^/10

10001 redline

Malware Config

Extracted

Family

redline

Botnet

10001

C2

103.84.88.211:9255

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.NEAS303beac4f4f77b0b7c6ca8e9941594b740f2ddcf411e75d8b956362c26378c26exeexe_JC.exe

Files

NEAS.NEAS303beac4f4f77b0b7c6ca8e9941594b740f2ddcf411e75d8b956362c26378c26exeexe_JC.exe
.exe windows:4 windows x86

32c5de998b5f069b26c94c8143b13c06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

kernel32

GetModuleFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 784KB - Virtual size: 784KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

32c5de998b5f069b26c94c8143b13c06

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

msvcrt

iphlpapi

psapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 240KB - Virtual size: 240KB

.sedata Size: 784KB - Virtual size: 784KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 48KB - Virtual size: 48KB

.sedata Size: 8KB - Virtual size: 8KB

.text
Size: 240KB - Virtual size: 240KB

.sedata
Size: 784KB - Virtual size: 784KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 48KB - Virtual size: 48KB

.sedata
Size: 8KB - Virtual size: 8KB