Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220901-en
General
Target
file.exe
Size
360KB
MD5
446f45823a9cb5aa9816c429e1693a12
SHA1
f90f529ed25a48be5184dae60de665eaef2bd2f0
SHA256
349f6b843fba45439de23e65302be84125dc0dc5dead668ff387c3fa504e65ff
SHA512
588620c589e06c735be621ddf51fcce0dbcfee679a9c2d29f39bba0d967790dff888fa8674ffccaa0bea355e4557a9fb47c5415a5e4bc1dc6f9bd97d14b5c1f4
SSDEEP
6144:sIkYoSyiBIHsv1mniBVVjLCTZrEejJ9H939PQmbYncIYd3305aiUpexCuDQem/L4:sId+HNcoEoJ9H939PQmbYncIYd3305ay
Malware Config
Extracted
redline
12
79.110.62.196:26277
auth_value
816ac5464b927ccf821adf9e972e19e6
Signatures
RedLine payload (1 IoC)
resource: sample, yara_rule: family_redline
Redline family
Files
file.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 356KB - Virtual size: 356KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ