Behavioral task
behavioral1
Sample
loader.dll.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
loader.dll.exe
Resource
win10v2004-20230220-en
General
-
Target
loader.dll.exe
-
Size
145KB
-
MD5
7e944f5789a8a226490d2ae03b65148d
-
SHA1
2e233ca174ef5549b91974cd9b2a5d42c7ec98d9
-
SHA256
fa6f65c685c3ae56982dafb088bd00c64395456ea10b80e1d0b887be453df6ec
-
SHA512
b99536151fbf353d09f0eac22ab25af5aad1b3ff8eae0f6bb3c281d17497645c8dd6b0d22c5132a5e39986fd274c122a796279cd0667404e2d99c359ac9ae29e
-
SSDEEP
3072:WV+m5c/QmRSNKDN2W9cVXKHhtZx8e8h2:Wj2+WzHhtb
Malware Config
Extracted
redline
dako
77.91.68.253:41783
-
auth_value
c6bc6a7edb74e0eff37800710e07bee1
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource loader.dll.exe
Files
-
loader.dll.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ