Behavioral task: behavioral1
Sample: 4292-133-0x0000000000DA0000-0x0000000000DBC000-memory.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 4292-133-0x0000000000DA0000-0x0000000000DBC000-memory.exe
Resource: win10v2004-20220901-en
General
Target: 4292-133-0x0000000000DA0000-0x0000000000DBC000-memory.dmp
Size: 112KB
MD5: ab0f5c7e8a7295c187059b6ff4532e49
SHA1: 98247e68cb461225fe7097019199ed5dbc3f3f24
SHA256: 4d3882679febd1e5ebacc1777374baccd2f4d6f68b992b3ac55d87ec5d7bd2d9
SHA512: 6d77b358601d8cf8ebb0ef20f2840290a58fc8993812e44bbd4b4369c7f1c052f95a9b8afb46eaf97cf3fe9c8b3dc5bed32333bf62b44be43215fae7414ffa2a
SSDEEP: 1536:8SJw9MuWKYha4o3MSqOwxwAbrwStUHUGt/T:fJZa4ocSgLGUw
Malware Config
Extracted
redline
79.137.192.9:19788
auth_value: d7d6e6b0afe836c96a3aee94b2b51dd3
Signatures
Redline family
Files
4292-133-0x0000000000DA0000-0x0000000000DBC000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ