Behavioral task
behavioral1
Sample
1908-127-0x0000000000090000-0x00000000000BA000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1908-127-0x0000000000090000-0x00000000000BA000-memory.exe
Resource
win10v2004-20230220-en
General
-
Target
1908-127-0x0000000000090000-0x00000000000BA000-memory.dmp
-
Size
168KB
-
MD5
a22af0e993f4892ad8b6b5e87bf3a55e
-
SHA1
757df7bdac50d5d14d4f86c0b94ad02bdede930c
-
SHA256
6b6e6e5b686f67bfe5bed51b8234eb000997f9f05bc310512d332c691e81ead9
-
SHA512
94fe1ebb668e0595922316caceacab145a121ab4425a7480bb30bc0a3253b461e8f39b0773031187114a072505ff231d1949e4b70a0542769475c3c8904bc1c7
-
SSDEEP
3072:BV+m5cNQmRSxkjU3SDYwihyCNhiZW8e8hZ:BjwhDgpNhiY
Malware Config
Extracted
redline
fash
83.97.73.122:19062
-
auth_value
dd7165bcd22b0ed3df426d944e12f136
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1908-127-0x0000000000090000-0x00000000000BA000-memory.dmp
Files
-
1908-127-0x0000000000090000-0x00000000000BA000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ