Behavioral task: behavioral1
  Sample: 187944-56-0x0000000000400000-0x0000000000420000-memory.exe
  Resource: win7-20220718-en

Behavioral task: behavioral2
  Sample: 187944-56-0x0000000000400000-0x0000000000420000-memory.exe
  Resource: win10v2004-20220722-en
General
  Target: 187944-56-0x0000000000400000-0x0000000000420000-memory.dmp
  Size: 128KB
  MD5: bc5a4f0a3c8a3fb0f352e29790ca46c6
  SHA1: effaf6c85d9a22182e7c8be7d519c4bd71158fbf
  SHA256: 2d3503d8540e319851a67e55f06ed9e5ba060e821eec6dbc83960a5947ad1310
  SHA512: 7e847e9f5d9e47798834cfb949a5f13d900d6d63d583ff87e0b3319a6ed4524bd52ea271f21786075941789d1634d627b5565e25a92b5aa0489484318139e526
  SSDEEP: 3072:ncvFBkCYWpiOIecDi4qALdKjQcW7jD8hv4EASN8:ncvKrnqApKccc8hv4jS
Malware Config (extracted)
  Family: redline
  Botnet: LogsDiller Cloud (Sup: @mr_golds)
  C2: 193.233.193.14:8163
  auth_value: 56c6f7b9024c076f0a96931453da7e56
Signatures
  RedLine payload (1 IoCs)
    Processes:
      resource | yara_rule
      sample   | family_redline
  Redline family
Files
  187944-56-0x0000000000400000-0x0000000000420000-memory.dmp.exe (windows x86)
    Headers
      DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
      File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
    Sections
      .text  | Size: 103KB  | Virtual size: 102KB | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      .rsrc  | Size: 2KB    | Virtual size: 1KB   | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
      .reloc | Size: 1024B  | Virtual size: 12B   | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ