Behavioral task
behavioral1
Sample
1376-135-0x0000000000090000-0x00000000000BE000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1376-135-0x0000000000090000-0x00000000000BE000-memory.exe
Resource
win10v2004-20230221-en
General
-
Target
1376-135-0x0000000000090000-0x00000000000BE000-memory.dmp
-
Size
184KB
-
MD5
72b038903d84743dbbb8bab9b71b51a4
-
SHA1
448924c78a63fd1cdb5d7cf14bc46fc33c6049bb
-
SHA256
9038408af7e66b95311eaa68322a7c76ef66efe75d8894ae9581dbf8b71974fe
-
SHA512
1544d2ef789d322c79fe1caef05f74a696ca4c34c78ad61a52d83e260248a7de0fef1793898e71f4f73e47812b7d3a3910fa904c2be19f744c40df9c60cf7eab
-
SSDEEP
1536:haIRzICbajb+qhVZCGWDdmWPoQ8Wc94NiHjS4Z1oUg6TGqV4VWbuBNkqYvMd84wm:jsznuH8WcaN2jxsqV4cUK1vMdq8e8hJ
Malware Config
Extracted
redline
metro
83.97.73.127:19045
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1376-135-0x0000000000090000-0x00000000000BE000-memory.dmp
Files
-
1376-135-0x0000000000090000-0x00000000000BE000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ