Behavioral task
behavioral1
Sample
860-154-0x0000000003160000-0x00000000031A4000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
860-154-0x0000000003160000-0x00000000031A4000-memory.exe
Resource
win10v2004-20230220-en
General
-
Target
860-154-0x0000000003160000-0x00000000031A4000-memory.dmp
-
Size
272KB
-
MD5
6ff38fe5983d09742951850603d442dd
-
SHA1
c3ccb26346b5e00348505d117959417b03aab8ab
-
SHA256
c16db2e7922bf516b0b687b2a9c5bd187050dd95bc2d88643f47391983e74bd5
-
SHA512
616c52a68511c8be2a952ee4ca027032d13125570053447979f636e0300061249fc2048859d58bff80f342c3136b26de2838be7b979131354b936ce57065cce6
-
SSDEEP
3072:96jYELp6VFxCCWosai9QFwNsmLo0gacrilo40OTkQhOEnISw+dvoxNn2pU9f2MKL:96j+GosvqFwtLo0yr3QhZnI
Malware Config
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
Files
-
860-154-0x0000000003160000-0x00000000031A4000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ