redline | build[.]exe | Triage

Sharing

General

Target

build.exe
Size

300KB
MD5

79f58d9e5c31290d1005b8ed75c2b8b2
SHA1

bc36dfa1fde40a857fa61829c8d4772674e9d90e
SHA256

bb49165d542ebd7a63c727fcb01fc32a77fa319beb4f2d265a5936619f89bea5
SHA512

219df5b014e32df266c6673c1b2248898723496ac18881d3498ee945f242faab30a4e98feb70b22222affa31c43d1d7b1c9917091963091911b916cde0ec3c04
SSDEEP

3072:ecZqf7D347p/0+mAKky4fUQIgdPB1fA0PuTVAtkxze3RweqiOL2bBOA:ecZqf7DIlnPPtB1fA0GTV8kEQL

Score

10^/10

test redline

Malware Config

Extracted

Family

redline

Botnet

test

C2

172.22.236.166:1912

Signatures

RedLine payload 1 IoCs

Processes:

resource yara_rule

sample family_redline
Redline family
redline
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

build.exe

Files

build.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ