Behavioral task: behavioral1
Sample: 103452-289-0x0000000000400000-0x0000000000428000-memory.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 103452-289-0x0000000000400000-0x0000000000428000-memory.exe
Resource: win10v2004-20220812-en
General
Target: 103452-289-0x0000000000400000-0x0000000000428000-memory.dmp
Size: 160KB
MD5: 835ed083aacf1c0aa2eb8334ef73516e
SHA1: 72eb0722f9a14db56d2d57f9e91c048701edf52b
SHA256: a85b38a558228e45b54ea263d1bb15dbc2e4f00be70df4ae0b1c3fa4d74e54ae
SHA512: ceaf50d07c39dc360d16ef301b92b9bdda3c37b9f7171b57f5cdece2c908a8927eef93bf1162d1aefa1eb924306ee86874dfaee9777e8eccbac84480a367c3bf
SSDEEP: 3072:dYO/ZMTFFBEowLkeJ92gQe5iVybDFjyRX/hUSSIB:dYMZMBFBEo7Y95QgMB/h
Malware Config
Extracted
redline
install1part
185.224.133.182:16382
auth_value: 01759eb8d6120155c19b779c527fb1e2
Signatures
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
103452-289-0x0000000000400000-0x0000000000428000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ