Behavioral task
behavioral1
Sample
1276-231-0x0000000000400000-0x0000000000422000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1276-231-0x0000000000400000-0x0000000000422000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
1276-231-0x0000000000400000-0x0000000000422000-memory.dmp
-
Size
136KB
-
MD5
511cc786b0bf764d04af32c743f29e12
-
SHA1
cdce969141034ea9050bc1b8638a2ae8fed84405
-
SHA256
72bce374fdfcf2a8fda008f84caa3b3b0b13f8038bff1de53591598eae2c6375
-
SHA512
9b9a2aefcfbc9d0e14900eb61f926885ddeb0277fdcebddeb6d6ec9c4d242961cd4388129d870b31bb7574d04c9874c9b1b844fd1828ba841eff993862cb647a
-
SSDEEP
1536:xsHdbTaPICBJTgtp/ytuJqMMbMuL6bgFvyTFdraYPrzGEuZqd:xedqPICSpq7MESbg1ypUuHB4qd
Malware Config
Extracted
redline
fucker2
135.181.129.119:4805
-
auth_value
b69102cdbd4afe2d3159f88fb6dac731
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
1276-231-0x0000000000400000-0x0000000000422000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ