Behavioral task: behavioral1
Sample: 320BBF2361CE8101CEA71E7E02B3FA13F7E5F002FD778.exe
Resource: win7-20220812-en
General
Target: 320BBF2361CE8101CEA71E7E02B3FA13F7E5F002FD778.exe
Size: 137KB
MD5: d33a7cb1229b040746c1241e2fccfb29
SHA1: c76a083cd3f2c021ce785bfef7344f22b0d3172b
SHA256: 320bbf2361ce8101cea71e7e02b3fa13f7e5f002fd778b21237fcc869d15edb7
SHA512: 0ad9c419e38d303868414ce4b9a3f893c14b828dc9f223ce050a775512ef6b184faaee7c1ca972a7f3dfb62dcbdf69b7c123debb175da9f1a0929f07941489d9
SSDEEP: 3072:LYO/ZMTFxtgoYzdxqUlaa3TVYODFjyRPkhnSSc6m:LYMZMBxtgomEUlaa33kpkh1
Malware Config
Extracted
redline
Jonson2
15.235.174.218:18640
auth_value: 55841dcf69df8edd34cfe945ade5d66e
Signatures
RedLine payload 1 IoCs
resource yara_rule sample family_redline
Redline family
Files
320BBF2361CE8101CEA71E7E02B3FA13F7E5F002FD778.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ