Behavioral task
behavioral1
Sample
0x0007000000012756-116.exe
Resource
win7-20230220-en
General
-
Target
0x0007000000012756-116.dat
-
Size
145KB
-
MD5
afd62844517c3f51d66279ac0d901039
-
SHA1
d86b825400b4a7951d479d6f8eb83dd3d33a02a5
-
SHA256
d84bb1b98f52e0b83397b78a60ebc20414c0a67c28fa564d57b69d1e9ad2fe1c
-
SHA512
1da268ebb42ce7c8d46106c158033e0f5def485460146d53de54dd4be3c8b561436670cb6b1cefb8a66a4fc38b29c787d48359699f93b79fbc6be2fb0a5149dc
-
SSDEEP
3072:lV+m5czQmRS933BaSrJVcXdhQZJ8e8hL:ljKHYUdhQz
Malware Config
Extracted
redline
motor
185.161.248.75:4132
-
auth_value
ec19ab9989a783983c5cbbc0e5ac4a5f
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0x0007000000012756-116.dat
Files
-
0x0007000000012756-116.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ