Behavioral task
behavioral1
Sample
2780-191-0x0000000000F80000-0x00000000014A2000-memory.exe
Resource
win7-20220414-en
General
-
Target
2780-191-0x0000000000F80000-0x00000000014A2000-memory.dmp
-
Size
5.1MB
-
MD5
c0847141675cc3928f3cf19db23dc86d
-
SHA1
89b3fb2ce75fb201247c69d6972b32ceacbe9357
-
SHA256
9dc968d583f2d026ee46d35769c6f90f3f1eb9095bae7f17796b80db7d792059
-
SHA512
c5925361960cd1e65d6b954d8cd05b408e95d51ef1827c02fc6c560ddc55be7e90b767cd2252cf46e64549de51dbf8871ccb341071c41e9fb96ce579363fc274
-
SSDEEP
98304:Yxh/hwWFzdIttnRB51B/WDEUZfmDogxEF:oSWFzdGRLfqfmDLEF
Malware Config
Extracted
redline
1
45.10.43.167:26696
-
auth_value
3a70a3e2f548aaf61e05be9e4cadc7c1
Signatures
-
RedLine Payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
2780-191-0x0000000000F80000-0x00000000014A2000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
Size: 104KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ