redline | 2dc8d8ff0339bfd4a3dca28775656bfd | Triage

Sharing

General

Target

2dc8d8ff0339bfd4a3dca28775656bfd
Size

237KB
MD5

2dc8d8ff0339bfd4a3dca28775656bfd
SHA1

8a7aa0789a257cee9ddee914f89f1adbb3d34fb1
SHA256

a6e143702fa6e2f56ee76d5a68a1a8b0ec209522bf8dff75f356f7d1e7725744
SHA512

6ad9d553cb076f7ad264d229179624231ce253f6bf14990e76eadb7d480ac522f51bb97928fa17b3b63a9d98fff1168bd0f1cc26fab3b62af05ed5c7761d1c3e
SSDEEP

3072:TYNVm89Ll/7af2wyAPcE4boPVc+R/uV09M5P9FAUQ/kVvu8QVuUFkVoBUkhtynmF:TU2ZnPcEJPVc+RWb50Uju8Q7a6K6ynmF

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

2dc8d8ff0339bfd4a3dca28775656bfd
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

61:b0:e4:c0:f1:f2:57:ae:40:f1:7f:6c:0b:1c:b6:0c
Certificate

Issuer

CN=Unnamable,O=Quites Thanedoms Inc.,C=L0,1.2.840.113549.1.9.1=#0c177368616e74796c6f62756c617240676d61696c2e636f6d

Not Before

27/09/2021, 21:00

Not After

04/10/2031, 21:00

Subject

CN=Unnamable,O=Quites Thanedoms Inc.,C=L0,1.2.840.113549.1.9.1=#0c177368616e74796c6f62756c617240676d61696c2e636f6d

21:d7:4e:ec:9a:d6:80:11:43:b3:6b:37:2f:4a:5d:a4:4e:a9:47:bf
Signer

Actual PE Digest

21:d7:4e:ec:9a:d6:80:11:43:b3:6b:37:2f:4a:5d:a4:4e:a9:47:bf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ