Behavioral task
behavioral1
Sample
5056-137-0x0000000000400000-0x0000000000444000-memory.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
5056-137-0x0000000000400000-0x0000000000444000-memory.exe
Resource
win10v2004-20221111-en
General
-
Target
5056-137-0x0000000000400000-0x0000000000444000-memory.dmp
-
Size
272KB
-
MD5
8b8876e6701584d45cfb6d6f7ca711bd
-
SHA1
41e25aec4e34664761c372746a8c670b262ed5c6
-
SHA256
0309b22edfb7aec7abde141217fefab0f7c0aebbfbe5e3464c4a79d7667094bc
-
SHA512
874d7072f4fad5085e49012d416b428979bab8ce555d460442fe3bf918389e873a8c4b245bddd592acfa1147b0fe94a9194a46c7f8b67091d2af0ac875b9efef
-
SSDEEP
3072:txqZWjHaJIppUZJpM68ImeiE9bhxzPM88g/YfO8JI49RbugQhguaiF:3qZ3ZJpDH5bh5kg/8eb
Malware Config
Extracted
redline
Zhannet
109.107.191.169:34067
-
auth_value
cbbb687b4d3fbd2e8e326586352fc821
Signatures
-
Redline family
Files
-
5056-137-0x0000000000400000-0x0000000000444000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 141KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ