Behavioral task
behavioral1
Sample
1420-56-0x0000000000400000-0x0000000000428000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1420-56-0x0000000000400000-0x0000000000428000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
1420-56-0x0000000000400000-0x0000000000428000-memory.dmp
-
Size
160KB
-
MD5
8e3c75e0d49076f26cd955315298ddba
-
SHA1
f96bd2c3a4b70dd09299b808d7db076a29ae86e7
-
SHA256
954980bfba3c8dc1db433b35b9d10639ed6864b5455df4b176cde0987bb56476
-
SHA512
67519bcccd70aef78358384e89b12c1d9c08e5736c0d3257bbc190707cc3595504402af7ecd0775722d255eda97555b0ed1c7be08848f6857bb8cec74da46a28
-
SSDEEP
3072:CYO/ZMTFLj+y4N7ZETKdurVPBOMPWFiVRXEhNSSYa:CYMZMBLjp4brUPBBEh
Malware Config
Extracted
redline
New1
89.23.96.39:44465
-
auth_value
da0f38445d4388aa8d9d8d856edbd407
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
Files
-
1420-56-0x0000000000400000-0x0000000000428000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ