Behavioral task
behavioral1
Sample
684-3130-0x00000000026C0000-0x0000000002734000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
684-3130-0x00000000026C0000-0x0000000002734000-memory.exe
Resource
win10v2004-20230220-en
General
Target: 684-3130-0x00000000026C0000-0x0000000002734000-memory.dmp
Size: 464KB
MD5: cb1efe2022646e7fcc0bfa66aaae1325
SHA1: c75385ab2ac3573015ebbec4992cf5785208f095
SHA256: 87707a5eb60b7188dae09b52b088bff8ecfdb8edf8f344f3522ba958b2c0179c
SHA512: 40f4560365c41c9efb6de88f3157cee8de4ecd88acc5a4e02a2459aad4c95aec1289e457a24cdf6f66aca3c94f4d7ffcb2ac5f18ebc4ab79dffc6c9caa163741
SSDEEP: 12288:280gKe0A0PltOoPmL+uD417OMUhSSmNM:H0PltweM
Malware Config
Extracted
redline
Hack
154.17.165.178:10377
auth_value: 50233687e98ee274b44a32fcc741f9a4
Signatures
RedLine payload 1 IoCs
Processes:
resource: sample, yara_rule: family_redline
Redline family
Files
684-3130-0x00000000026C0000-0x0000000002734000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 370KB - Virtual size: 370KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ