Behavioral task
behavioral1
Sample
63b898d7aa9abb97f071c3af1a5109c613b404e394c07f85a73800a9d5920d80.exe
Resource
win7-20230220-en
General
-
Target
0118d41e2d441f57ed8b2b54fc349592.bin
-
Size
128KB
-
MD5
9b19ac865ac5d8d93ccf2dc0a6728f27
-
SHA1
e0f2a27ea1b7b9de1998da0e60496f5f2d09d5ec
-
SHA256
68172432d9af672ab61305aa9280945020c4697c5fa7e844ac0ee5b936253255
-
SHA512
301b29019baecc2ebb742a186fcdb857ddde3b810bc11c97f2a16e322a0cba467267159cc6b763a37c0ebc6a82e7a1de85f2f1847f2e8122d4aa53878c44d47b
-
SSDEEP
3072:FjgWM9prr/q7YuXHhlsyXT2mBzO1NpsmlbK:BZswBlsET2mBC9smQ
Malware Config
Extracted
redline
otr
45.81.243.48:6459
-
auth_value
5f14ae8c16eab4d3db39e1a86bdea1d8
Signatures
-
Redline family
Files
-
0118d41e2d441f57ed8b2b54fc349592.bin.zip
Password: infected
-
63b898d7aa9abb97f071c3af1a5109c613b404e394c07f85a73800a9d5920d80.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 266KB - Virtual size: 266KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ