Behavioral task
behavioral1
Sample
2580-183-0x0000000000710000-0x0000000000742000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2580-183-0x0000000000710000-0x0000000000742000-memory.exe
Resource
win10v2004-20221111-en
General
-
Target
2580-183-0x0000000000710000-0x0000000000742000-memory.dmp
-
Size
200KB
-
MD5
24aafc9d87d03865e38b4474040aac13
-
SHA1
75cfb697fd56e9874d0c97d1ec9358ee7c94fa83
-
SHA256
00075e978db031f9aabb37afdd536081f4da756620f251b905d70a8379904aad
-
SHA512
9ff7925239b2be8af9ff3b61b8690b9fd59229269b6b94fad299329d64f06857ef7ec783201647ba9145b6a583c202877d4b60cb8f564dcc37a1ec58df8f1f89
-
SSDEEP
3072:5xqZWVNaDUSkPMKandeV59lhhvexNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuU:rqZ8MKwClh9
Malware Config
Extracted
redline
ck
176.113.115.17:4132
-
auth_value
7ac4424f89748eae7f5c6a4756d89c28
Signatures
-
Redline family
Files
-
2580-183-0x0000000000710000-0x0000000000742000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ