Behavioral task
behavioral1
Sample
100892-172-0x0000000000BB0000-0x0000000000BD8000-memory.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
100892-172-0x0000000000BB0000-0x0000000000BD8000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
100892-172-0x0000000000BB0000-0x0000000000BD8000-memory.dmp
-
Size
160KB
-
MD5
794be1a9bbb7dacf8cf8cab595028988
-
SHA1
28ab4a6b311ec019a1c4899bef3919d0826c7657
-
SHA256
b94b7ae292d6990d36e8da24f52fd662241e2a4794b5f01e3891caa3e86adce1
-
SHA512
7f8b1199c47a69542a6f261fdf3a89c0fe2736faf6d611272fc85bec5fafffd824960d9e3f4985e2c4c46e1b488b81175fb69b7a7ad72a5d748f52594aa925e7
-
SSDEEP
3072:fYO/ZMTF1JcoA7hZMjlJXN2VLDFqyWPNhCSS96:fYMZMB1JcoK6jPXNu7mNh
Malware Config
Extracted
redline
888888
79.137.192.29:44873
-
auth_value
607a36cfae8c50c53ef92fc3086a32c2
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
Files
-
100892-172-0x0000000000BB0000-0x0000000000BD8000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ