Behavioral task
behavioral1
Sample
3280-135-0x00000000003E0000-0x0000000000400000-memory.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3280-135-0x00000000003E0000-0x0000000000400000-memory.exe
Resource
win10v2004-20220414-en
General
-
Target
3280-135-0x00000000003E0000-0x0000000000400000-memory.dmp
-
Size
128KB
-
MD5
e3bf8c77f789e18c39088afc9b6626da
-
SHA1
f5ba53cd5604c280d7e33a242ba8751956f648cd
-
SHA256
5f209007adf2f0304930814cbc3f5f15933d8a0d11d9d01d3266fc67fa356606
-
SHA512
5c01e327eebcde379734834d174a7c6413dba730e790edce3fd326b1e0543d502790af03a55d2b450d48c7052783b5b9b4556fb82aaa5e67c450357f10e6f97d
-
SSDEEP
1536:URxtkCr7Q2IxA7cGopi3ftJ8xjsuIiE0aSf4HBTzsaKFKalbuZNoxTrEge0wuei/:XCr7QsU28sHiNf4Hx/EKuR4gehZc
Malware Config
Extracted
redline
1
65.108.5.252:43673
-
auth_value
95517c2a2f56575288c35d9dfde4a6aa
Signatures
-
RedLine Payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
3280-135-0x00000000003E0000-0x0000000000400000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ