Behavioral task
behavioral1
Sample
0x0007000000014fb5-78.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0x0007000000014fb5-78.exe
Resource
win10v2004-20230220-en
General
-
Target
0x0007000000014fb5-78.dat
-
Size
146KB
-
MD5
07360cea1d6ed7318ff53befe54eabc0
-
SHA1
96cedc618dced282e4240b0be1a5612f1038f918
-
SHA256
deb91f5b31c89a61a107c8bb0b3e920144b6004ace7f16a3adb2b0fe07de7972
-
SHA512
878209898d34dd55db49ee3ec1a1de6b465b40d65f002b795d3a44a0dd37fe8a6100a7202c66194d257016f4bc71782595ef889dc1ecda0ddf1735f3fabec8d2
-
SSDEEP
3072:vV+m5cVQmRSx9WCEkEhPW67V8BjVhtZN8e8ht:vj4oihwlVht3
Malware Config
Extracted
redline
diza
185.161.248.37:4138
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0x0007000000014fb5-78.dat
Files
-
0x0007000000014fb5-78.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ