Static task: static1
Behavioral task: behavioral1
  Sample: 5068-309-0x0000000000400000-0x0000000000420000-memory.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 5068-309-0x0000000000400000-0x0000000000420000-memory.exe
  Resource: win10v2004-20220414-en
General
Target: 5068-309-0x0000000000400000-0x0000000000420000-memory.dmp
Size: 128KB
MD5: 54fe3c1dec97c5e0943b0cafaf699532
SHA1: 08389b0311fbb9925974117cfdeb6fb7790c1f90
SHA256: 7b39d0685ddb19594de45a4b1bad8917c5f79c2abbb26c3818bd6803459c23a5
SHA512: 3dea0b905f604fb7bea42d7588bee62d856d529a75c7cdf8e266cb77fc56786049b692b1c32da98cd1516f377ca15435604bf052f6bdd65921397326415460a5
SSDEEP: 1536:Q0DDkCr4G2IEA+cZHwlvNw/3alRy2C/USBxv0vbuTxArAHvdLU:QbCr4GUZl6PavCPG9cH1I
Malware Config
Extracted
redline
pizzadlyashekera
65.108.101.231:14648
auth_value: 7d6b3cb15fc835e113d8c22bd7cfe2b4
Signatures
RedLine Payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
5068-309-0x0000000000400000-0x0000000000420000-memory.dmp.exe windows x86
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 100KB - Virtual size: 99KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ