Behavioral task
behavioral1
Sample
0x0006000000014f02-1062.exe
Resource
win7-20230220-en
General
-
Target
0x0006000000014f02-1062.dat
-
Size
175KB
-
MD5
5721e8c09e9956979340be56cbfdc9a2
-
SHA1
b0152eece96eb3651a678508a37a52328a430991
-
SHA256
f2224e4f94378d4ff16457df4ee4405315c188699ae8c5a5922eecc52d8d88ce
-
SHA512
9cb89040cb3e5b5c79d3fb494dbdd22ac420c8392dcf3c201dd456c8d575b579a9f55d467ebbb8577f700e13c89a2da94c0d23eb6536a51f4644f8559d94583d
-
SSDEEP
3072:6xqZWjfa8oty3BfeT59lhavxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+ca2:oqZCBalh
Malware Config
Extracted
redline
reiv
193.233.20.33:4125
-
auth_value
5e0113277ad2cf97a9b7e175007f1c55
Signatures
-
Redline family
Files
-
0x0006000000014f02-1062.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ