redline | 1496-55-0x00000000006E0000-0x0000000000710000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1496-55-0x...ry.exe

windows7-x64

1496-55-0x...ry.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1496-55-0x00000000006E0000-0x0000000000710000-memory.exe

Resource

win7-20220718-en

redline af2 infostealer

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

1496-55-0x00000000006E0000-0x0000000000710000-memory.exe

Resource

win10v2004-20220722-en

redline af2 infostealer

windows10-2004-x64

2 signatures

150 seconds

General

Target

1496-55-0x00000000006E0000-0x0000000000710000-memory.dmp
Size

192KB
MD5

2087a8dbda26c1bab7a4a105138c70ef
SHA1

c263b360c8f9cb04159e1ab7c0ed875cbf490fe6
SHA256

e6deaf5727395961ec2050fb612400e8898d7cdc7b14179b158828a250bd8c0f
SHA512

598760aa3cbd2d69551201d58f2c12cc162750207be6beebef1a05f302fac07dd249abfb3b6b6cd6c76ed06e3fd2beb56398ebe309ce809ad5184ff3dfcd3d0f
SSDEEP

3072:54aIPxHp7pZn8V9BEc1YqZ2KWQ9Fuk/swkfWL+5RjP8SC:BIHo9BEiDWW6

Score

10^/10

af2 redline

Malware Config

Extracted

Family

redline

Botnet

AF2

C2

stcontact.top:80

Attributes

auth_value
4d729a2faecb406a0eb1d6fcf30432fa

Signatures

Redline family
redline

Files

1496-55-0x00000000006E0000-0x0000000000710000-memory.dmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy