Behavioral task
behavioral1
Sample
1100-55-0x0000000002640000-0x00000000026BE000-memory.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
1100-55-0x0000000002640000-0x00000000026BE000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
1100-55-0x0000000002640000-0x00000000026BE000-memory.dmp
-
Size
504KB
-
MD5
7bc0cf65d333147592b5d233d906b7d5
-
SHA1
35bd9c0029f52206cf539765d0f0238cf2c49177
-
SHA256
968f6722ae78735ee72f69c6625adee4d8952e617f15d7cf117863a19eef0abf
-
SHA512
5526f7bce999fc1e605b984b923d5487a87df58fc6a06de31d63dbf8c42f9d353c3331dd5cb10e104a80d21c6b6c7e184364878931b936dc090c8c9a4f5a3c09
-
SSDEEP
12288:+81yAtJ+yLZr/TojPAj7l+fxOtJfEiUsDhqA57fsUx2YcZAhTM+uRlg:J+yLZDTojHl
Malware Config
Extracted
redline
Install
69.176.94.78:32241
-
auth_value
262df95952285ebeabc4c91774e37776
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
1100-55-0x0000000002640000-0x00000000026BE000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 477KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ