Behavioral task
behavioral1
Sample
0x0009000000012302-78.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0x0009000000012302-78.exe
Resource
win10v2004-20230220-en
General
-
Target
0x0009000000012302-78.dat
-
Size
145KB
-
MD5
fe2d269d2d2dc99dbaaa03a12b9697d1
-
SHA1
2772b106d4694301cbd9c9b69f86c2f1867c8aa9
-
SHA256
5d928481d560c92fd75ab0c2753a3658919eb148a1e53b1ea2b14246c6ed3eb1
-
SHA512
362fe0f737b5ce4840eda67545a3b7006baa5589edbc5adefe1fcd98fb12eedaa44e1d86fda764d88724d5291cd0589f7f7ac380dd6809f204ad7f06eee670a3
-
SSDEEP
3072:vV+m5cVQmRSx9WCEkEhPW67V8BjVhtZN8e8ht:vj4oihwlVht3
Malware Config
Extracted
redline
diza
185.161.248.37:4138
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0x0009000000012302-78.dat
Files
-
0x0009000000012302-78.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ