Behavioral task: behavioral1
Sample: 4372-161-0x0000000000400000-0x0000000000438000-memory.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 4372-161-0x0000000000400000-0x0000000000438000-memory.exe
Resource: win10v2004-20220812-en
General
Target: 4372-161-0x0000000000400000-0x0000000000438000-memory.dmp
Size: 224KB
MD5: ae276534473795fce87337b66e9acd7d
SHA1: 2694e7673da26311f55f4561940b652c54d0997f
SHA256: 8dbad809d42a9cf1376f3d860b10fc6649a4541002392e31c9f31305806abe9a
SHA512: b541ca20f14e1010e9beff0f2a06deb605189ff8f523133fa9fd5deeaed0c37d3103c897f485fbdc0b1fc631c6ee87f30aa56d0a4f61937c7a9d09b30908d047
SSDEEP: 3072:Vi9+DAhZUQblIoI1aXcTHsG5Fqdhkrzpium:Vi9+cUCguOz
Malware Config
Extracted
redline
$
31.41.244.135:19850
auth_value: 66623f79e2af33286760f5dd6c4262dc
Signatures
Redline family
Files
4372-161-0x0000000000400000-0x0000000000438000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ