Static task: static1
Behavioral task: behavioral1
Sample: 3480-364-0x0000000000400000-0x0000000000420000-memory.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: 3480-364-0x0000000000400000-0x0000000000420000-memory.exe
Resource: win10v2004-20220310-en
General
Target: 3480-364-0x0000000000400000-0x0000000000420000-memory.dmp
Size: 128KB
MD5: db615264f299f1945400470f4f0d8710
SHA1: 5949bc2923d9cb064a6f8c5c7845fc09a80d305e
SHA256: 9e69bf6f031f8e7ccfd152e67705fa96f2b3250008e2bde6d33d4b21fad77afb
SHA512: ac85b620c019aeb28c295210f4fb327c976845146018a093891882ae9e4af283b15930cce4eafe18b93dc89a60692cf4883fc869927b343ea8b4b09e8344a54e
SSDEEP: 1536:FRxtkCrnQ2IEAycGxZ0SFtV8xUyEAOfcHLBWIKzwfbuZuorslF0wuei6tLu:wCrnQANjtyMfcHOWqwlFhzC
Malware Config
Extracted
redline
ruzki28_03
176.122.23.55:11768
auth_value: 22cdac7fdda98bfe74c28402ce2ddc18
Signatures
RedLine Payload (1 IoCs)
Processes:
resource yara_rule sample family_redline
Redline family
Files
3480-364-0x0000000000400000-0x0000000000420000-memory.dmp.exe (windows x86)
Code Sign
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Sections
.text (Size: 103KB, Virtual size: 103KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc (Size: 1KB, Virtual size: 1KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc (Size: 512B, Virtual size: 12B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ