Behavioral task
behavioral1
Sample
4436-202-0x0000000000700000-0x000000000072A000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
4436-202-0x0000000000700000-0x000000000072A000-memory.exe
Resource
win10v2004-20230221-en
General
-
Target
4436-202-0x0000000000700000-0x000000000072A000-memory.dmp
-
Size
168KB
-
MD5
77e94c8595dae3d08927a4feff61b1ef
-
SHA1
8eabe03de3ed6d795233b992383d0a974f1e4bfd
-
SHA256
add71667d1901fd5e49dde34051fdd1175c948cdebfc88066243dc95cfb54c67
-
SHA512
dd457a17e21b48c622de7201c122c7471e6e458d1ca3eb9d1ca47f5e01af19daa2484e119ae5c6753dfeab7f846271804911f283e63860fe7628fe9cd9c4d27c
-
SSDEEP
3072:PV+m5c/QmRSNp2Tm1bENx3Gh6ZV8e8hU:Pj2w+nGh6f
Malware Config
Extracted
redline
greg
83.97.73.122:19062
-
auth_value
4c966a90781c6b4ab7f512d018696362
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4436-202-0x0000000000700000-0x000000000072A000-memory.dmp
Files
-
4436-202-0x0000000000700000-0x000000000072A000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ