Behavioral task
behavioral1
Sample
0x000a00000001af29-1110.exe
Resource
win7-20230220-en
General
-
Target
0x000a00000001af29-1110.dat
-
Size
175KB
-
MD5
6efa25c26be8b5c15a761d31ae6a2d44
-
SHA1
be3e836eb74fae552794b84e230bc7f944deb86b
-
SHA256
121e4e191ce00a7e9c0adecfd344c71117318aac7d2f6ca9b4f9a8cb3f7d5149
-
SHA512
14c49bfb32116a87383f19b09937e6c9a26fec71a1971a7c66fe7e01d39d1d2a5acf50d8e36f87b554a6f75c4afbd4d35895f77758e6a91b922c465a472e8223
-
SSDEEP
3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
Malware Config
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Signatures
-
Redline family
Files
-
0x000a00000001af29-1110.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ