Behavioral task
behavioral1
Sample
2464-280-0x00000000028C0000-0x00000000028E2000-memory.exe
Resource
win7-20220414-en
General
-
Target
2464-280-0x00000000028C0000-0x00000000028E2000-memory.dmp
-
Size
136KB
-
MD5
43b2ca50510a1feb40201526697d5199
-
SHA1
b5523504af5deca9a8d41590f9ca3fcdf2e9f7f9
-
SHA256
16f772d45322cb7246e7457e743da35ec57cba8800f830e4ec1144971c80be05
-
SHA512
608af8967f112e65a61544a8fa17c11dbb85f7d01b4464666264c6b044fa7c54f96f01254ac6e454c67db2159f1a826fa5b9a98a4e8af1f1e1a1532c2f991431
-
SSDEEP
1536:bGvy0oRlE5k8jNuGaz7PfPmpVfBED/lICnIvRaR6C24xbNxn50wueiaMs19g:bGvmRlE5k8jNcGFmDBnIvsgC2eH5hDg
Malware Config
Extracted
redline
Mount2
ushatamaiet.xyz:80
adinoreiver.xyz:80
qulyneanica.com:80
-
auth_value
041a7c36d4c8d195af1a8b950182ee96
Signatures
-
RedLine Payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
2464-280-0x00000000028C0000-0x00000000028E2000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ