Behavioral task: behavioral1
Sample: 1360-85-0x00000000009B0000-0x00000000009F4000-memory.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 1360-85-0x00000000009B0000-0x00000000009F4000-memory.exe
Resource: win10v2004-20220812-en
General
Target: 1360-85-0x00000000009B0000-0x00000000009F4000-memory.dmp
Size: 272KB
MD5: 39fdc05ea3d7f2c6204c0a0e251ef7b7
SHA1: 6b39820402ce9eb9a9c4edeea6a7399cec78882f
SHA256: 42115c97b4dfdc4f8e3a9d6caf61c8f96ed6840c52970db960c846b7a1dd778a
SHA512: fdadca09ca8f7ae098fcb45f662469c5cb62a31c486432175e5ffa3c4541156639d4d3f8445d35dff43c6330ec5c00122e94b3410bc9e1853295aa381b17fc76
SSDEEP: 6144:B35DsWXcPE0JmESvS85n/f+jEaZfdSsbArGx/KjObJguq:w3KvF5n/f+jEaZfdSsbArGx/KjObJgv
Malware Config
Extracted
redline
5
176.113.115.146:9582
auth_value: d38b30c1ccd6c1e5088d9e5bd9e51b0f
Signatures
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
1360-85-0x00000000009B0000-0x00000000009F4000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 243KB - Virtual size: 243KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ