Static task
static1
Behavioral task
behavioral1
Sample
209820-56-0x0000000000400000-0x0000000000420000-memory.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
209820-56-0x0000000000400000-0x0000000000420000-memory.exe
Resource
win10v2004-20220414-en
General
-
Target
209820-56-0x0000000000400000-0x0000000000420000-memory.dmp
-
Size
128KB
-
MD5
173696ab19defd8af7fd4e00345143e9
-
SHA1
8c06e74b2790109cae85010b772907b0bc3cea1e
-
SHA256
cc2b4ac4742e17d6c54db18b399382421c10f34fcd66096137bc7c16007f69ef
-
SHA512
80ba101b831cb91de413c68812059bb16952e3dea8102f758faa0623aea248d6ca8d8b4bd77ad64aed5b5d5904013b2827d3ba29e13695ee19621709896fb7d0
-
SSDEEP
3072:6C1si0XXUy48JsM6emHpw7pPd19dQmchS/:Nsi46uFch
Malware Config
Extracted
redline
213.226.123.155:2014
-
auth_value
be2205f654abe3ef15343bc67642db4e
Signatures
-
RedLine Payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
209820-56-0x0000000000400000-0x0000000000420000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ