redline | fbc0e2090049510e1d3501218a9f882f7a4295f8 | Triage

Sharing

General

Target

fbc0e2090049510e1d3501218a9f882f7a4295f8
Size

208KB
MD5

c4487662949512f7146f316ef695f32b
SHA1

fbc0e2090049510e1d3501218a9f882f7a4295f8
SHA256

71848bb5ee037188ca486be82e35db0f6afe31acbe50cece924f98699dba6be8
SHA512

06b5adb5d3c9e83fd3aeccf5ae0b8ee6a04e7726964a53a7852d5ba560abaa3ef8527cb9bb58188cd6531a81fe69821463b3924cfd6cd9963664c9acc752bf0c
SSDEEP

6144:Ex/YA/SzBLDqNJ9999999999999999Qn2:Ex/TuLyOn2

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbc0e2090049510e1d3501218a9f882f7a4295f8

Files

fbc0e2090049510e1d3501218a9f882f7a4295f8
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

_.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ