Behavioral task
behavioral1
Sample
0x00060000000142d9-6565.exe
Resource
win7-20230220-en
General
-
Target
0x00060000000142d9-6565.dat
-
Size
168KB
-
MD5
193ea8b6b05fb5853e6ffe824ecf108c
-
SHA1
98eabd5c4c20bea21bf5d8c7019bebfd46604ceb
-
SHA256
2bf4ff4c74c13cdc07024dc7e76886793783a219a1c511ebfec56d0831bf6309
-
SHA512
5d1394c7e673e0e8dc385ba1de3dd46af28c94ee6601c54b2b6065cf406f36d332eefc07c6f827caeb2403745e3362a615743b50d866a4575b4319da500dfa31
-
SSDEEP
1536:ncJK7qlVZRGW4XqrozC3iGOmE+lrcI2nBCTGqV8buV+jys0ausT83wYk98e8he:nc4VVzxNf3qV0/yNausTb8e8he
Malware Config
Extracted
redline
life
185.161.248.73:4164
-
auth_value
8685d11953530b68ad5ec703809d9f91
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 0x00060000000142d9-6565.dat
Files
-
0x00060000000142d9-6565.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ