redline | file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

219KB
MD5

00e10489d0d0eee2ca1c89f8a225c88c
SHA1

c272dbdd42dacd1109aa3e8e550c00ed730ca0ea
SHA256

a882a94fe647991ec876779042d5238562541749de4b3f888dd5135862fbab20
SHA512

cce432038a50d7cf02db94b7d441d0f0dffeb5afd7a27db752f52a4f6ff2408cc6947381600f5dae7d9e9f5c741dfc5fb42fc9d4ac3e0630a1dc3a86f9343ccd
SSDEEP

3072:uVf977CNgctVghrb9YsGtGgRSd521SvwemZ4liKSN:GV77CNgctirb9YnJ0D21SovZ4l9

Score

10^/10

persom-1124 redline

Malware Config

Extracted

Family

redline

Botnet

PERSOM-1124

C2

194.49.94.77:22888

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.exe

Files

file.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ