Behavioral task
behavioral1
Sample
1212-65-0x00000000004A0000-0x00000000004C0000-memory.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1212-65-0x00000000004A0000-0x00000000004C0000-memory.exe
Resource
win10v2004-20220414-en
General
-
Target
1212-65-0x00000000004A0000-0x00000000004C0000-memory.dmp
-
Size
128KB
-
MD5
77b49c81d784041d22770dbfeba1c7a8
-
SHA1
226bbfa4106903b2abd5258570a50015735470dd
-
SHA256
c0c4c8b30747f29c680f7ce6dac8440f526cdddcb800ef69a6c2cd44077af2dc
-
SHA512
e2e3869e577372f911a03eb36012acf708dc19f4f8592e99a478cfc11791980e5465bc222ed21e873d49193cb2aae30e3477d4da4269512733cda5d2ab2b032d
-
SSDEEP
1536:M/CNDGWtBopjzpW90j5Wd9iIWkjb6baDnjbuMZ0QCWn0wuei6HLtDdi:GC5pBopBDQGI7j2aDnPeTWnhlG
Malware Config
Extracted
redline
Install
176.10.119.117:27038
-
auth_value
701b6467f584b2d5c52fa31ecce6761d
Signatures
-
RedLine Payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
1212-65-0x00000000004A0000-0x00000000004C0000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ