Behavioral task: behavioral1
Sample: 79884-257-0x00000000005C0000-0x00000000005E8000-memory.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 79884-257-0x00000000005C0000-0x00000000005E8000-memory.exe
Resource: win10v2004-20220812-en
General
Target: 79884-257-0x00000000005C0000-0x00000000005E8000-memory.dmp
Size: 160KB
MD5: a7868591322c7a49393d9f9cb7fa8825
SHA1: c010d84b7b3d9d8a7f1d2654781383cceb58eefa
SHA256: a8ec9b4c94beffc7ea4deaec2ebeb6e080875efd0719770c0f548f35fcded800
SHA512: 0c9c1cb458b6a317662460b96dd906678296acc59360b2ac0ba9def94d7c138265c809b43ebbd6b1eb045cfc8cb9e66846207f9b42aed9c61fc5dc5ec00dc0a9
SSDEEP: 3072:uYO/ZMTFB1klBzC/GHwQBpGVCDFjyRXRh7SSwL:uYMZMBB1klYOQQPsBRh
Malware Config
Extracted
redline
LogsDiller Cloud (Sup: @mr_golds)
77.73.134.27:8163
auth_value: 56c6f7b9024c076f0a96931453da7e56
Signatures
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
79884-257-0x00000000005C0000-0x00000000005E8000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ