Behavioral task
behavioral1
Sample
2016-243-0x0000000000670000-0x00000000006A2000-memory.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
2016-243-0x0000000000670000-0x00000000006A2000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
2016-243-0x0000000000670000-0x00000000006A2000-memory.dmp
-
Size
200KB
-
MD5
2884f931c8b44f4f56a518d68e14c391
-
SHA1
da3270b5184ff60d504d494063c0109f55382bfa
-
SHA256
8144aa796be3274e1312b28ecb19fc593fcecde0eac3ad9e97fda2c0cb0ab8ce
-
SHA512
6c0fb2043f22bfd97abe4ec02dacddd5e42cda6e6d70ff1c5cfd6dbda84d0840d2bf81c9244e94683f1eff4fec33ae4c6e72937b8ba4d5064b53c395f47c0f3f
-
SSDEEP
3072:IxqZWPTa9ApGvgiOTcdkeZ59xhmHxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOF:2qZvgiO6Jxh
Malware Config
Extracted
redline
dubka
193.233.20.13:4136
-
auth_value
e5a9421183a033f283b2f23139b471f0
Signatures
-
Redline family
Files
-
2016-243-0x0000000000670000-0x00000000006A2000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ