Behavioral task: behavioral1
Sample: 1668-55-0x0000000000370000-0x0000000000390000-memory.exe
Resource: win7-20220715-en
General
Target: 1668-55-0x0000000000370000-0x0000000000390000-memory.dmp
Size: 128KB
MD5: 87615e1a3f408e63259116083fad6392
SHA1: 1a3688ef0f2cb1ef9c1963a93c2eadeba8f734d1
SHA256: 52066c6ca336690c58b365ec147e4e00bb22db315a3890cfd3626921821f1abe
SHA512: 771e0006f1fc72fe7e1e3c8bff2f4359cb83d6797eac084846d462d34037676f54d39ffccb387d1f185378c92442f817ad7121f07e52b1940c0598ab531eb9f0
SSDEEP: 3072:5cvFBwCY+piqI+Tg6i0vGtmQcFU6TKh14EASNk:5cvOvL0vY/cNKh14jS
Malware Config
Extracted
redline
1
194.156.99.113:46237
auth_value: 46329fc87924eb6eaf95dbb680b20dbd
Signatures
RedLine payload (1 IoCs)
Processes:
resource: sample
yara_rule: family_redline
Redline family
Files
1668-55-0x0000000000370000-0x0000000000390000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ