redline | file | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file
Size

219KB
MD5

8e375658c26073cc74244208a265fe4b
SHA1

f83bb9db040b6672582c0cf718b7edaa1c605f51
SHA256

815e8230c53a920be7ea8beb56f086c31ac26c909ce59839d74f3f17443a6e46
SHA512

22255f45b2a1244f72436b3cebee4626f577d6c689cb78576fe0b01beb3a9f08e1592c4469e5509c287abbb3d4f4b29caf6e5043a10aad17dc035e7ee360c8cd
SSDEEP

3072:3mYApYJ+a70NgcV4ZfJ6rInqP/OpTYL8RSd3/1Sh4eW+DaYKSH:2i+a70NgcGB4rII80N/1S+P+Dar

Score

10^/10

persom-1120 redline

Malware Config

Extracted

Family

redline

Botnet

PERSOM-1120

C2

194.49.94.77:22888

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file

Files

file
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ