Static task
static1
Behavioral task
behavioral1
Sample
1160-327-0x0000000000400000-0x0000000000420000-memory.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1160-327-0x0000000000400000-0x0000000000420000-memory.exe
Resource
win10v2004-20220414-en
General
Target
1160-327-0x0000000000400000-0x0000000000420000-memory.dmp
Size
128KB
MD5
ae085b5c5ff7811fc2bc88b470c79fca
SHA1
c4b3e68fb38de40221b7a6c3d41239a43c18423f
SHA256
dd16a909814d927797880819833e43f242d33d638c1b48df39a4c4d5b702f8d2
SHA512
b5515201e5057c4f5efb9f58a8ddf80c0b05abd3b019584bf7c570f8a7a5539103c3ca462e067c0c95463cc7f2728b9281f33a1442b977e70c5856db015031a1
SSDEEP
1536:nRx6kCrvQ2IkA6cG550CEtN8xMZUVrf4HOF3sumqbuZgjh7BQ0wuei6OLv:NCrvQ4FW1ZUVrf4HOR3hnJBQhUL
Malware Config
Extracted
redline
@humus228p
185.215.113.24:15994
auth_value
bb99a32fdff98741feb69d524760afae
Signatures
RedLine Payload 1 IoCs
Processes:
resource yara_rule sample family_redline
Redline family
Files
1160-327-0x0000000000400000-0x0000000000420000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ