Behavioral task: behavioral1
Sample: 644-362-0x0000000000980000-0x00000000009A8000-memory.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 644-362-0x0000000000980000-0x00000000009A8000-memory.exe
Resource: win10v2004-20220901-en
General
- Target: 644-362-0x0000000000980000-0x00000000009A8000-memory.dmp
- Size: 160KB
- MD5: 739a8ce96c2933a84e3109fbeab5b885
- SHA1: 5d8e5da8ec22008646c833dd3fe306f7b3c79111
- SHA256: 40ab38f0a4b117814556276e611ded48b8fd84e50fcce8d483a6007d494980de
- SHA512: 58e4453f6d0b4d3e188ce97659a0b9864460ac65f83f7f6b7edc149ca30100a38ca4697dd44b1938881677fdb766f73069f3237cf4ebf7132795396141552eed
- SSDEEP: 3072:aYO/ZMTFjr+sIjLHydBupA8vWFjyRPkhCSSw6:aYMZMBjr3I/0BYBpkh
Malware Config
Extracted
redline
all
37.139.128.203:44588
- auth_value: 32aa4d6df6f06883d86b201db44480e4
Signatures
- RedLine payload (1 IoCs)
  Processes:
  resource   yara_rule
  sample     family_redline
- Redline family
Files
- 644-362-0x0000000000980000-0x00000000009A8000-memory.dmp.exe (windows x86)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ