redline | cc1e287519f78a28dab6bde8e1093829[.]bin | Triage

Sharing

General

Target

cc1e287519f78a28dab6bde8e1093829.bin
Size

111KB
MD5

2e6a3cd7f7469b60a517f32bad98dc1c
SHA1

c67fff6f5471de7c274aeb475c70e669c71d8fa7
SHA256

720980f7aa6083fd797a5a17fbe8fb7f7e074574b068314ac8d57c433a7c32d1
SHA512

6a5373cc48b0f13db8fec9aea1465fa346f13266a892c5d7cfd592f3de04e8dd5cd9ff979c35e293b715932ce1365eb87c41dfcebb2ca6798a2cf507e32db972
SSDEEP

3072:toOnqJo2Kh8AogzIEjIQqAoKUk566L1DkTpAl7:Lqsh/jXgtk57hz7

Score

10^/10

redline

Malware Config

Extracted

Family

redline

C2

185.215.113.67:26260

Signatures

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/dbcb61ce94c4d2d216de2b503937a2a964b984577f2d7730b7c6428b2b5e8db2.exe	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dbcb61ce94c4d2d216de2b503937a2a964b984577f2d7730b7c6428b2b5e8db2.exe

Files

cc1e287519f78a28dab6bde8e1093829.bin
.zip

Password: infected
dbcb61ce94c4d2d216de2b503937a2a964b984577f2d7730b7c6428b2b5e8db2.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ