Behavioral task
behavioral1
Sample
6262f030ef70b50f62a5557764af2af284e66938605461d91cdcc396a445041b.exe
Resource
win7-20230220-en
General
Target: 6262f030ef70b50f62a5557764af2af284e66938605461d91cdcc396a445041b.zip
Size: 52KB
MD5: 5cdf613c45397716827018ba02a07043
SHA1: eb4be10f0b67ae31e99ff4c05f7ad741b495a17e
SHA256: fa3f7ff4317a6956dc1b73c74ac9d632b8d539580e588b419caffecd9996a22b
SHA512: 728f7831ad117caeccc7eb088a51ab390107143dae5f50b2ac918388c5a2c639386378435d6c2d7135e4e0ded01c5af6e9cd28465f803214744a9c5e4602a337
SSDEEP: 1536:+DJ09PEK1LVW+rF0i0o+I8wJAnv/8cJ6+iSS1X:+ItJrmi8Qg/8U6fX
Malware Config
Extracted
redline
dimas
185.161.248.75:4132
auth_value: a5db9b1c53c704e612bccc93ccdb5539
Signatures
Redline family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/6262f030ef70b50f62a5557764af2af284e66938605461d91cdcc396a445041b
Files
6262f030ef70b50f62a5557764af2af284e66938605461d91cdcc396a445041b.zip.zip
Password: infected
6262f030ef70b50f62a5557764af2af284e66938605461d91cdcc396a445041b.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ