Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
General
-
Target
tmp
-
Size
137KB
-
MD5
14e5359992d0a3f4c66f51766a70ad26
-
SHA1
274a8bbf8197f1a803215b95fc3879785924dcb4
-
SHA256
747329e17b67401944bd3f8a11b4cbe8770ad714eda50740ef1629431c713e3b
-
SHA512
1d120ea2cfb5743a46d9c17e1530a2f5de7d0fd61e8a3d0ad933c5b966da83271af92adfa5c8ba038206d686bb661965d6dc2b862d8f10098900dd6e78c36a26
-
SSDEEP
3072:MYO/ZMTFhne4tHu2yu/Sx7ZIVaDF2bRP8hPSSP4:MYMZMBhne4A2//Sx7ZN0p8h
Malware Config
Extracted
redline
seo35
34.92.152.18:27180
-
auth_value
402c199e97a51d0d3197786424b45812
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
Files
-
tmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ