redline | 0244c540d99d3c8507bdc73d5b4646a3[.]bin | Triage

Sharing

General

Target

0244c540d99d3c8507bdc73d5b4646a3.bin
Size

115KB
MD5

a6dcd91c7275a667d9a581a179ad6735
SHA1

c18fb7e50f0b3377be679e0a19feae97d62c6317
SHA256

267dc56c7e0d7c3f5098f9d1de3ef86bfd426d9df2acf4b9370ebb0061fda970
SHA512

54d47abc6bc5497e0a5a2fa9f8111635e4af2b9644f3fa5eae30a56e49bb9bb645991abff6cb248b7a63022fdf87ed73575307cf55082e7888ae81f4b95cbce9
SSDEEP

3072:r3OYrtP4UVwwfIhKo4g2AEZh8+LY9wdX5:brP9ywAhKLG+d5

Score

10^/10

spoo redline

Malware Config

Extracted

Family

redline

Botnet

spoo

C2

103.113.70.99:2630

Signatures

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/ce8c0c6f213445d5bc40441e171cb112c92bd4192783c06cdd17ba4d851565f8.exe	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ce8c0c6f213445d5bc40441e171cb112c92bd4192783c06cdd17ba4d851565f8.exe

Files

0244c540d99d3c8507bdc73d5b4646a3.bin
.zip

Password: infected
ce8c0c6f213445d5bc40441e171cb112c92bd4192783c06cdd17ba4d851565f8.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ