Behavioral task
behavioral1
Sample
308FCF160E8A3E3956EAE1A8A2285D06813DD87910460.exe
Resource
win7-20220414-en
General
-
Target
308FCF160E8A3E3956EAE1A8A2285D06813DD87910460.exe
-
Size
106KB
-
MD5
a46648b2dd6e96562b144ae36956f123
-
SHA1
caa5d0f31b1dcc21e2267a2b240d35e1c7ce769a
-
SHA256
308fcf160e8a3e3956eae1a8a2285d06813dd879104601e884b5af4c960ca82a
-
SHA512
311fd32bd11758d72be1324666bc8e504682e48095698cef6d65ced0422a53f636fbf4cb66348f37e945fb043cf590a57b368a64d9516e47bb04b1a53e56ec52
-
SSDEEP
1536:ARxakCrHQ2IxAvcGFZySXt18x08JENf8HYbpuPFbuZNoxH/EgP0wuei6jLB:QCrHQIpjN8JYf8HYbpuN98gPhhl
Malware Config
Extracted
redline
10
179.43.154.136:6001
-
auth_value
d695bfb18b65b93b53b6583424227f3c
Signatures
-
RedLine Payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
308FCF160E8A3E3956EAE1A8A2285D06813DD87910460.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ