Behavioral task
behavioral1
Sample
1912-136-0x0000000000400000-0x0000000000420000-memory.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1912-136-0x0000000000400000-0x0000000000420000-memory.exe
Resource
win10v2004-20220414-en
General
-
Target
1912-136-0x0000000000400000-0x0000000000420000-memory.dmp
-
Size
128KB
-
MD5
8f547de442c686079c6093e41a989604
-
SHA1
705f39545afd7088c12bd97ebded52a02fdbd71d
-
SHA256
24c97e00b7a456f3af562ce26f90f1e1de0e901f9ebacd26d23c84570ebf1587
-
SHA512
a87ee31d13dee9f2c3ecd67e76e561710be4973bd6b69d7f76d869490126c33a9afed2b145fd76da9550c9fc9b4df71db94a7dfaa967d2ed55b73ee92358a233
-
SSDEEP
1536:xRxNkCrCQ2IhAQcGonTnutC8xu5+O2f8HVub7wYbuZuNrZly0wuei6LL3:QCrCQruhnY5f8H8JjtlyhtD
Malware Config
Extracted
redline
777
107.175.65.144:41825
-
auth_value
8ff2bff46289ab145ce573ede9b4258f
Signatures
-
RedLine Payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
1912-136-0x0000000000400000-0x0000000000420000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ