redline | Cheeser64[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Cheeser64.exe
Size

159KB
MD5

ae1fcb5cdaced9ce2e8864fa84324fa8
SHA1

3d34c8a4ac41c3af2a2e381941c0f92101ade8c7
SHA256

a7ae9d88811aa24d0bd3bb20f3603ee8575b10fce5507d637f4e369b006ce5be
SHA512

704fbb6c58fcb51d27dce84a9a6e8c8ddc91b29087a59262e7d9b138fc21474a93837197818f59754968d860e9d12f571ff7a0784e1a822de5f2dc8da0de5c69
SSDEEP

3072:s29LP/YAQlW30GLsmAwNr12pGuhTMo1syKXFWnO3TRGfx01h7AykD:x2dmA42gST981BcxKBA9D

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Cheeser64.exe

Files

Cheeser64.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ