Behavioral task
behavioral1
Sample
0x000600000001411b-58.exe
Resource
win7-20220414-en
General
-
Target
0x000600000001411b-58.dat
-
Size
244KB
-
MD5
dbe947674ea388b565ae135a09cc6638
-
SHA1
ae8e1c69bd1035a92b7e06baad5e387de3a70572
-
SHA256
86aeac2a4ee8e62265ee570718bbd41a4e643e0bad69e7b4fa6c24baeb220709
-
SHA512
67441aebbf7ce4d53fbb665124f309faed7842b3e424e018454ff6d6f790219633ce6a9b370aeaf77c5092e84f4391df13e964ca6a28597810dee41c3c833893
-
SSDEEP
6144:up3Ja5x20VGgvErTAGx+v8ZfOmCWpbR7xVn8fvu3mRYGg5xibAq:upZlOvGTAGx+v8ZfOmCWpbR7xVn8fvu0
Malware Config
Extracted
redline
4
31.41.244.134:11643
-
auth_value
a516b2d034ecd34338f12b50347fbd92
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
0x000600000001411b-58.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ