Behavioral task
behavioral1
Sample
4592-132-0x00000000009D0000-0x00000000009EE000-memory.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
4592-132-0x00000000009D0000-0x00000000009EE000-memory.exe
Resource
win10v2004-20220721-en
General
Target
4592-132-0x00000000009D0000-0x00000000009EE000-memory.dmp
Size
120KB
MD5
c6d460a24844c1dbb7b2008cb601c527
SHA1
ff3f6e1572f07a32ea03f64c43be6ef6bb90768d
SHA256
66f521be36ee3534c24e962cf3f04e6a189985d928a6bb759978beac3aeb3157
SHA512
5e8152d8d3c77fc60cad32fc26ff2a5df87ca6997873a3a0ba0fea2ebce8877090465df806335ca50bbce07398ebfbe90c8b4cfa9f5bea78acaa9ecfc0c620b3
SSDEEP
1536:9v/TL6oF6bAL6L0Nbxkg3BIMsR/CJZWbrUG4RiXzRX2dVoKXwMx0XT:ZyO6bALyMih4EXzRX2dhXsD
Malware Config
Extracted
redline
Lyla29.07
185.215.113.216:21921
auth_value
ce5605b2c036c2c3b7bdfb23dcf5f5a2
Signatures
Redline family
Files
4592-132-0x00000000009D0000-0x00000000009EE000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ