Behavioral task: behavioral1
Sample: 1572-188-0x0000000000400000-0x000000000042A000-memory.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 1572-188-0x0000000000400000-0x000000000042A000-memory.exe
Resource: win10v2004-20230220-en
General
Target: 1572-188-0x0000000000400000-0x000000000042A000-memory.dmp
Size: 168KB
MD5: cbc6145ae500e33f01db0d2a9356e0e5
SHA1: e2b2b06387eaa501293c086f9491aa6ce781462b
SHA256: c8304d58d5d33e3db29027eff32a0a5c6929a31fe6ec573b93c2491403998d9e
SHA512: 3bd94946f8567656bf879e2a7c971df895830d7880b72816f9c55fff291db33d9b39a35df624f7b1c2fe2199bae043f6ffe51dc6588605367ae450cf1c8320d2
SSDEEP: 3072:8V+m5cVQmRSxHBIvBIDNmggk29/rh2Z18e8hI:8j4lBIDoJhrh2f
Malware Config
Extracted
redline
warum
185.161.248.75:4132
auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Signatures
Redline family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource 1572-188-0x0000000000400000-0x000000000042A000-memory.dmp
Files
1572-188-0x0000000000400000-0x000000000042A000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 105KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ