Behavioral task
behavioral1
Sample
1576-81-0x0000000000B40000-0x0000000000B60000-memory.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
1576-81-0x0000000000B40000-0x0000000000B60000-memory.exe
Resource
win10v2004-20220721-en
General
-
Target
1576-81-0x0000000000B40000-0x0000000000B60000-memory.dmp
-
Size
128KB
-
MD5
101d5ee8b30c9937691366896719cbb0
-
SHA1
87aff5fa76b204e0ca28864f94f5103efa2e31bb
-
SHA256
3eacb490455290130637ce83b86ae65e3739fa5865ed06037ebaa95cd518a91c
-
SHA512
62e9c0ee6e41e3a540ff09ea82fb8975aea06a4acba284bfcd9ccf0a470eb6020470a2b8b01be79b1d01dbaeb85835ca275bc568b684a11a4966f39a3f45b882
-
SSDEEP
3072:/cvFBgCYCpieID9L27lqeI6QcEhpTFhM4EASNH:/cvOfYlq9zcqFhM4jS
Malware Config
Extracted
redline
@tag12312341
62.204.41.144:14096
-
auth_value
71466795417275fac01979e57016e277
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
1576-81-0x0000000000B40000-0x0000000000B60000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ