Behavioral task
behavioral1
Sample
1496-55-0x00000000006E0000-0x0000000000710000-memory.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
1496-55-0x00000000006E0000-0x0000000000710000-memory.exe
Resource
win10v2004-20220722-en
General
-
Target
1496-55-0x00000000006E0000-0x0000000000710000-memory.dmp
-
Size
192KB
-
MD5
2087a8dbda26c1bab7a4a105138c70ef
-
SHA1
c263b360c8f9cb04159e1ab7c0ed875cbf490fe6
-
SHA256
e6deaf5727395961ec2050fb612400e8898d7cdc7b14179b158828a250bd8c0f
-
SHA512
598760aa3cbd2d69551201d58f2c12cc162750207be6beebef1a05f302fac07dd249abfb3b6b6cd6c76ed06e3fd2beb56398ebe309ce809ad5184ff3dfcd3d0f
-
SSDEEP
3072:54aIPxHp7pZn8V9BEc1YqZ2KWQ9Fuk/swkfWL+5RjP8SC:BIHo9BEiDWW6
Malware Config
Extracted
redline
AF2
stcontact.top:80
-
auth_value
4d729a2faecb406a0eb1d6fcf30432fa
Signatures
-
Redline family
Files
-
1496-55-0x00000000006E0000-0x0000000000710000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ