Behavioral task
behavioral1
Sample
1236-101-0x0000000000B60000-0x0000000000B80000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1236-101-0x0000000000B60000-0x0000000000B80000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
1236-101-0x0000000000B60000-0x0000000000B80000-memory.dmp
-
Size
128KB
-
MD5
f8cc3d028c04d0934423698ab946743e
-
SHA1
a8235bea413be776847cdde519a88ccb21a1410a
-
SHA256
5efe812b69536d0dc2f4aa3c7fca816e28c44c45c0a785bdafdc20c690679849
-
SHA512
be7ad221ada863e545a761905f191eb89fa4db4e87379c482f98d636cc90a035f1480ec590e349fd525150f3cd27c0036988698e9f5d4fa748bec738c57f2ff6
-
SSDEEP
3072:DcvFBYCY+piqI+Tg6h4MLkKUQc7b9fDWhB4EASNj:DcvmvI4MoKtcJWhB4jS
Malware Config
Extracted
redline
RuXaRR_GG
insttaller.com:40915
-
auth_value
4a733ff307847db3ee220c11d113a305
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
1236-101-0x0000000000B60000-0x0000000000B80000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ