redline | 3e76e294d97f76154116a7378d51c0ee | Triage

Sharing

General

Target

3e76e294d97f76154116a7378d51c0ee
Size

225KB
MD5

3e76e294d97f76154116a7378d51c0ee
SHA1

80611ced29ef81252abce395b91c01a0e1af29c0
SHA256

f92f526cbd872e89cfe79c1492976f87e4630db6825b3be08560709523952c7d
SHA512

8c8224edf6aa50dcfd729be7a70dffca8a6c77328002cec0531677952da35f2d451b50be4245ed5a9dea1ec21acba98fafa813dd0053c4437dde6c51cad85c58
SSDEEP

3072:E6StEQeofBEk0d+0QQoJXhW1io/1aeLIgi10d4kkJMzI/yoPiUb:Sex1aeLIgiq4kkJM0yw

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

3e76e294d97f76154116a7378d51c0ee
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:b4:5a:05:4b:ec:f7:9a:4e:95:35:05:24:2f:b8:51
Certificate

Issuer

CN=Demising,O=Footboard Mikron Inc.,C=S6,1.2.840.113549.1.9.1=#0c1a69626964656d7368696c6c616265727340676d61696c2e636f6d

Not Before

29-09-2021 21:00

Not After

06-10-2031 21:00

Subject

CN=Demising,O=Footboard Mikron Inc.,C=S6,1.2.840.113549.1.9.1=#0c1a69626964656d7368696c6c616265727340676d61696c2e636f6d

91:3c:ce:31:d3:86:78:5c:c6:15:e8:90:22:e5:d2:d5:29:92:f4:ab
Signer

Actual PE Digest

91:3c:ce:31:d3:86:78:5c:c6:15:e8:90:22:e5:d2:d5:29:92:f4:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ