redline | 58ed282c74825b5b77132329d2a06868[.]bin | Triage

Sharing

General

Target

58ed282c74825b5b77132329d2a06868.bin
Size

144KB
MD5

decbd95681e50568cfe2f58719b1d20b
SHA1

e04cc4eee493d441b84ce796c7a8e3594d98a02c
SHA256

9ace91818c4848ce60d5abb45ffa4688f267df413f01cec8bf5a6ed726eb3a1b
SHA512

9af1a347f8673c7c56f8fe24861f9eed0be56e9045dbb4f8a9f984dedb2d655edc8e40ae553e3a2970b7875a4241854ce69cda11ff45b952607444030731da2a
SSDEEP

3072:3fNjyTjkPAYoRAEChD+3gTkhO/KaUsSc+8iM:3fl9PAphWrkhiKF0+8v

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/e1cf672f6bb955a21b742da64c3978241d639e9c2add415b63df73c52b4c1c8f.exe	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e1cf672f6bb955a21b742da64c3978241d639e9c2add415b63df73c52b4c1c8f.exe

Files

58ed282c74825b5b77132329d2a06868.bin
.zip

Password: infected
e1cf672f6bb955a21b742da64c3978241d639e9c2add415b63df73c52b4c1c8f.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ