Behavioral task
behavioral1
Sample
si733448.exe
Resource
win7-20230220-en
General
-
Target
si733448.exe
-
Size
176KB
-
MD5
ef024b692dc604b13f911dd65794a584
-
SHA1
faa24a8a4e572d9e972df64f9e81e174a6c5002d
-
SHA256
8a35b13e3b03c460124863afad893874066b8a6d6297c30d7be85ea508d36274
-
SHA512
18093c0effffb0ccf68737e7a63209f42b1d12bd43cee847cbbbc2429e213dc5a9ef78a90e209f242a3e138d1cd93977ada8e9ae39bc6baf28420a0725fe01ae
-
SSDEEP
3072:pxqZWzvagwoMR3I58ZlHeR5FthXfxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOb:bqZVY8qth
Malware Config
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Signatures
-
Redline family
Files
-
si733448.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ