Behavioral task
behavioral1
Sample
964-264-0x0000000000080000-0x00000000000A0000-memory.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
964-264-0x0000000000080000-0x00000000000A0000-memory.exe
Resource
win10v2004-20220414-en
General
-
Target
964-264-0x0000000000080000-0x00000000000A0000-memory.dmp
-
Size
128KB
-
MD5
c3392443f229bef15ca4e4d90afe4ec3
-
SHA1
a815d826ea74d27651a7f027018da07477130ce4
-
SHA256
baaa59fe7a75a013e124ce9635987074795311abc9a0c924b26129c4bcb6cb49
-
SHA512
494efc45b27805e4d4762ea5edf93bc365d8612318772542124af0b11690bcd4c59f6965afd0ea601470c78fcdae70fc81f8b6dffbff45affe36a2ee03276587
-
SSDEEP
3072:KcvFBBCYdpiIIC8LBZkVdiupC7cp3/TLhT4EASN2:Kcvv8Cdi8QcVLhT4jS
Malware Config
Extracted
redline
Main
185.250.148.104:23290
-
auth_value
128a196090d81c16477a2ef82c42859f
Signatures
-
RedLine Payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
964-264-0x0000000000080000-0x00000000000A0000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ