Behavioral task: behavioral1
Sample: 1528-65-0x0000000000400000-0x0000000000460000-memory.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 1528-65-0x0000000000400000-0x0000000000460000-memory.exe
Resource: win10v2004-20220812-en
General
Target: 1528-65-0x0000000000400000-0x0000000000460000-memory.dmp
Size: 384KB
MD5: 3cc9d02ac0a5a53408b7a89b7c771658
SHA1: 3dfdee0bd8bd1e057aac8654ac46f75bb42fe420
SHA256: 2b70a229b071b8407352389c1ba0d8193cd805c533f2d76f2b230cc6e75028f9
SHA512: f5890bc63c3a2781f4ca7e79e0157b82426731db642d5b969cd72220e76b9993ac09aea574252b7bea23760ee8aa46ec31926f4e6f6db45b479a8b5d990cb2c7
SSDEEP: 6144:aQzqwx9AA8pINgYCThhEGn/a/3j1YKnXApolwkyxVbHxy9FY8cmJGKIB4:hx9Z2rbza/3j1YKnXApolwkyxVbHxy93
Malware Config
Extracted
redline
2
79.110.62.196:26277
auth_value: 1c0b2a7d9265a0bd7186c9687fe62c4e
Signatures
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
1528-65-0x0000000000400000-0x0000000000460000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 356KB - Virtual size: 356KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ