Behavioral task
behavioral1
Sample
0x0006000000014ee5-116.exe
Resource
win7-20230220-en
General
-
Target
0x0006000000014ee5-116.dat
-
Size
145KB
-
MD5
5273bb56ee7155c4205991ab1a2019d0
-
SHA1
86b265c2a0ce0c897d18880d337bdd100d9bd4ac
-
SHA256
38e0cd060397b6258a1d2bbf29b064caf2aa4ae133cd2d2ec00473fc8f080488
-
SHA512
e8b573be46f11ecfee2d35b662b8def257613ed3011df1eb5cc4d8a68158e35f8b157146573dcf00ceca00cf65875c808e41de24e644659175ad5ecb0d7738eb
-
SSDEEP
3072:YV+m5crQmRSR38AQtQJ8uptt0phbZV8e8h1:YjCZE+phbf
Malware Config
Extracted
redline
luper
77.91.68.253:19065
-
auth_value
474f8e2f629b7bc1a8c7ea1dc39ca043
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0x0006000000014ee5-116.dat
Files
-
0x0006000000014ee5-116.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ