Behavioral task
behavioral1
Sample
2036-56-0x0000000000090000-0x00000000000B0000-memory.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2036-56-0x0000000000090000-0x00000000000B0000-memory.exe
Resource
win10v2004-20220414-en
General
-
Target
2036-56-0x0000000000090000-0x00000000000B0000-memory.dmp
-
Size
128KB
-
MD5
477276c6211e2ff5ad43f985f2fcfee2
-
SHA1
1cd2fe9c192fb11b470f0cf770e029946e9ea9f8
-
SHA256
9aa9f5b7aea8d4a5d2db657b8462c3387b94a78fc1ce8d210c295b72c4b8249a
-
SHA512
b82a4453ec2901a57a1c49ec30402f081d19da980293adcf150436d7bd2ea73c7392214dcbe7ab01e610fd49b44bef4b2f5a33f93577f7b30e561079c45ce2df
-
SSDEEP
3072:3GhlBkCniYz8I/hhL4+lsKk8O5GyDGhFgoaSe:3GhVdM+w8SGhFgvS
Malware Config
Extracted
redline
Ruzki 3k
194.87.71.5:12857
-
auth_value
a48aca103247e146d387585961a62d1a
Signatures
-
RedLine Payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
2036-56-0x0000000000090000-0x00000000000B0000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ