Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
General
-
Target
file.exe
-
Size
137KB
-
MD5
1cd36877d5e6e6fafa38f1c9f21cedf3
-
SHA1
e02d4dfad2a1a82a5bc5f6125bb421a02c42d363
-
SHA256
d273fc08938b54321f5d01dfa9200573efdf9d6fb9a2daf038aedd9d1f85ad65
-
SHA512
98756c55b5a2d2497c854edd0a8b47cd36a22467280989ab3cc520b68307d08f91346f594453c6bbba73d296faca46bc7d996caf3fb0e261587efbb6c207569a
-
SSDEEP
3072:UYO/ZMTF5tgoYzdxIwqaasDVVCDFWLRPChaSSc6l:UYMZMB5tgomWwqaasyQpChc
Malware Config
Extracted
redline
nam6.2
103.89.90.61:34589
-
auth_value
4040fe7c77de89cf1a6f4cebd515c54c
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
file.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ