redline | Kiwi_X_External[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Kiwi_X_External.rar
Size

100KB
MD5

d373484ddfcdda6f3f917abc776355ab
SHA1

b0516d4f1baffb4aafaf974c66a8f1e048f59624
SHA256

c69cadd6d4f1671a24e43ca864a0d2a7c5e37d527c68a49d716084a1d8dbdf14
SHA512

7d7fd94ad3f2520bb2746f2d7aee5a90af492374e41b8b8f4ac28cd24e7c790264d24e782d84a17997d9121d5de4dcfc44914cde6fb1a1097acb4078f0cf3a5b
SSDEEP

3072:SeQXML3nJYoQHUC+t2FT4tC7XVSX/Hl8i:2uJYowUC+MT4tCQfyi

Score

10^/10

roblox redline

Malware Config

Extracted

Family

redline

Botnet

roblox

C2

77.246.158.53:13551

Signatures

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/Kiwi X External.exe	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Kiwi X External.exe

Files

Kiwi_X_External.rar
.rar

Password: 1234
DirectML.dll
Kiwi X External.dll
Kiwi X External.exe
.exe windows:4 windows x86 arch:x86

Password: 1234

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kiwi X External.runtimeconfig.json
bin/HG.pfx
bin/SecrigoPublicCodeSigningCAR36.crt
bin/sign.bat
bin/vcruntime140.dill
bin/win-apo.config
onnxruntime.dll
onnxruntime.lib