Behavioral task: behavioral1
Sample: 3956-233-0x0000000000B20000-0x0000000000B40000-memory.exe
Resource: win7-20220715-en

Behavioral task: behavioral2
Sample: 3956-233-0x0000000000B20000-0x0000000000B40000-memory.exe
Resource: win10v2004-20220721-en

General
Target: 3956-233-0x0000000000B20000-0x0000000000B40000-memory.dmp
Size: 128KB
MD5: 216f1ec0ced58f934aefe223b715e189
SHA1: 5efb83d3170354c38f23afe0d57527d00c1146d1
SHA256: cc70d6030c5a24a85e0ca0fe653be298a705c545ba0f7d5044f4318f73a490df
SHA512: a5085c8a5fcb8ea54d11ca2ce7ccd5619618d281246efb393c31686af7f355ff05b25b890dcd1706372230de1e705fe4b73874b9a511ef05e7c416cdd8077bba
SSDEEP: 3072:bcvFBgCYCpieID9L27lqeI6QcEhpTFhM4EASNz:bcvOfYlq9zcqFhM4jS
Malware Config
Extracted
redline
@tag12312341
62.204.41.144:14096
auth_value: 71466795417275fac01979e57016e277
Signatures
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline
Redline family
Files
3956-233-0x0000000000B20000-0x0000000000B40000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ