redline | file | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file
Size

343KB
MD5

70a7e037e54128ff83a8d734cd5c8fab
SHA1

a229224bea942b929dfea7e138ed1fa602a40168
SHA256

ddc60eaa7659f391221ecde591a8caa09618df4fe3ddb1e5b37c27662577e669
SHA512

bccae719dbf320b930314accc313fb8e5d0221b112dc8b20598f46f3641351b9c973c7980e708faba1fa2fb24d35323e5c9191043a9fddb6a03ff8f6bc45bab3
SSDEEP

6144:p4ZY8qXiRhZuTv1+3RAL0I2lnap792YzUBBbvG2N1KyNTi:OZrqSk1+zIh+BbvGb

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file

Files

file
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ