redline | f003c890d576ff62f21c045339ed95e0[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f003c890d576ff62f21c045339ed95e0.bin
Size

280KB
MD5

f003c890d576ff62f21c045339ed95e0
SHA1

f564dcb8a9e1412bf015ca3f021ae5ce06707927
SHA256

0a15cd6f2a51d363a3187f63b5f90fd69f2011a7d5bf44abe8b8eeffadd78f75
SHA512

35565ae65bac7a38b639026aed160a335fa57c4ccf374cef0109eddfd72e7d70189b3cb630625399aa0ca1abb63531abd327ebcdc08a66e34cf5f54b29e964d8
SSDEEP

3072:JWz6jYELL6VXXCG/SyVXtwkw/em3EvLc9Cao40VBaw8hUJnSVJBb7xNn2pU9f2MJ:cz6jU1KyZtwLe2EvLcSJ8hinSVJB

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f003c890d576ff62f21c045339ed95e0.bin

Files

f003c890d576ff62f21c045339ed95e0.bin
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

_.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ