redline | c0cbd3727926b4ed773615f88cb831e7582ec9c670f07d85d9bb7fd981cf6fb8

General

Target

c0cbd3727926b4ed773615f88cb831e7582ec9c670f07d85d9bb7fd981cf6fb8
Size

111KB
MD5

b260d61f6f23b116c5ff71679cc02616
SHA1

1232ac6e6c2b951dd717ee42693aefe7427eb47d
SHA256

c0cbd3727926b4ed773615f88cb831e7582ec9c670f07d85d9bb7fd981cf6fb8
SHA512

62b91f33578c2e6780df8d22983864d67578114bd1b871453d1970baf9394f6079cb5cb7f778b5d20b3e13feaa492976ba9db10c873ff6b578f06a2e7d36c582
SSDEEP

3072:4dY97+9VgPcpBXsqe3TDjxx9ek6+suTDbEQcmwwS:eiWWGG39xRbEQcmw7

Score

10^/10

newlogs redline

Family

redline

Botnet

newlogs

C2

85.28.47.7:17210

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe	family_redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe

c0cbd3727926b4ed773615f88cb831e7582ec9c670f07d85d9bb7fd981cf6fb8
.zip

Password: infected
264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ