Behavioral task: behavioral1
Sample: 580-64-0x0000000000400000-0x0000000000430000-memory.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 580-64-0x0000000000400000-0x0000000000430000-memory.exe
Resource: win10v2004-20221111-en

General
Target: 580-64-0x0000000000400000-0x0000000000430000-memory.dmp
Size: 192KB
MD5: 336b0fd16a8cddb15a67fe944eee91e2
SHA1: cc714f8fac8f68fcce3585a4c27ac38672f2fa85
SHA256: 3a0e2b4bd2495d64b63c5a9dbdc700ed2033fdcc0449a9c69509c8a2de1be460
SHA512: 8a9226e59047f043f9c04a5c47eb753900571d4369633d3ceb16dacd42c62f55c172a45e152561aec3580cc61c75f7ebcaa274b11c277abb148950dcbbf84f30
SSDEEP: 3072:5qaLm74qpXtmOnJjBawT253uaxfKfVvXgDOL3DNpPL0F0JCb3O3Cb3hNwNIEcC8Q:Tsf7ptSaGh

Malware Config
Extracted
redline
lunovim957.duckdns.org:8641
auth_value: 435936f79d4bd0cb27b4d87d5223a272

Signatures
Redline family

Files
580-64-0x0000000000400000-0x0000000000430000-memory.dmp.exe windows x86

Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE

Sections
.text Size: 103KB - Virtual size: 102KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ