Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
General
-
Target
file.exe
-
Size
137KB
-
MD5
3e7476424f53cb86bde748a440f853a6
-
SHA1
8b5a86f7005196149a662df06ee7767be6bd403f
-
SHA256
88f86bd0c315b807570a8330266fe9c8f04f04cef5c06de8f9f82eda57f10531
-
SHA512
09b9b8f7343f74023e3978d6adf9e5d0d4704e0e025c8f7810584b1a35eb668ca1b2ea00478576160e2c59ccd27cd96c6afa2c8970718c236d0aa37dd527a77c
-
SSDEEP
3072:1YO/ZMTFzTDYI7TGDyJWLpVvDFToRPXhuSSYv:1YMZMBzTDY0ayJWX6pXh
Malware Config
Extracted
redline
1
80.76.51.172:19241
-
auth_value
4b711fa6f9a5187b40500266349c0baf
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
file.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ