Static task
static1
Behavioral task
behavioral1
Sample
400-132-0x0000000000400000-0x0000000000420000-memory.exe
Resource
win7-20220331-en
Behavioral task
behavioral2
Sample
400-132-0x0000000000400000-0x0000000000420000-memory.exe
Resource
win10v2004-20220331-en
General
Target
400-132-0x0000000000400000-0x0000000000420000-memory.dmp
Size
128KB
MD5
ff1514a33e8648c12d3d7db2fc33fd53
SHA1
7aad454700a903e39ec9545c0c51208cbb13658d
SHA256
a40a180e86bb6adde6abdb62c5ad96989abda18d85ccc1fd32bf132a148b3bdd
SHA512
d79c82c3c3e36f221f3e33b593f2f7a31a9dc36abadb0542ea1cd2f661d3adc4446644abd3983614038852c7bc5a15a8f35bfbc50fd3e99629ba58ecdda5dcd6
SSDEEP
1536:ERxakCrtQ2INAFcGLB4aAtP8xqrrZMbf8H6HxXtefbuZgXZ7Ju0wuei6kLQ:MCrtQOPw3rrZMbf8H0d8zhJuhWE
Malware Config
Extracted
redline
@ansdvsvsvd
46.8.220.88:65531
auth_value
d7b874c6650abbcb219b4f56f4676fee
Signatures
RedLine Payload 1 IoCs
Processes:
resource: sample
yara_rule: family_redline
Redline family
Files
400-132-0x0000000000400000-0x0000000000420000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ