Behavioral task
behavioral1
Sample
2196-289-0x0000000000840000-0x0000000000868000-memory.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
2196-289-0x0000000000840000-0x0000000000868000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
2196-289-0x0000000000840000-0x0000000000868000-memory.dmp
-
Size
160KB
-
MD5
f03598f35322f6b8914ba1d5ca80730d
-
SHA1
0c8b7e8bce1c15eed78e8710db97e18c10944f25
-
SHA256
dec5b7980a252270a74be8e64cc9c44ef6d1e3f8f983c2acb1fc8e93e53d55b2
-
SHA512
7d2bd870c879e6630835e209cbc14bac2005046049f710ffcd3b00dba8b764d0d3160f46e72a1b7f2c9f1f6dfbf0497a315382782e8e2ff5ca502cb12150f655
-
SSDEEP
3072:JYO/ZMTFgcf0hnN4be5spjX+NVvDFTyFPqhJSSMb:JYMZMBgcf0T9shXIAVqh
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
Files
-
2196-289-0x0000000000840000-0x0000000000868000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ