Behavioral task
behavioral1
Sample
06316899.exe
Resource
win7-20230220-en
General
-
Target
06316899.dat
-
Size
167KB
-
MD5
b9af3e044e864972d8e944e8a28ebd02
-
SHA1
c4b509bea40c27d736e4f488be7ee03a75d6e077
-
SHA256
90bf5707ff5714b862e774f444940508c089f048ee6bf19d2ae946012a845348
-
SHA512
0ae899a64a0edd5f1c559aa25b40836b0cd03d48dd79d73b441933d58fe6c86a667b7bac911dc177371bb6fc724ac8812882e3cf28e643158ff333584818e978
-
SSDEEP
3072:irGkzIa8WuPMxNo/i6qVOg+uA+Eie8e8hF:iikzZEPtb+Eie
Malware Config
Extracted
redline
maxi
83.97.73.127:19045
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 06316899.dat
Files
-
06316899.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ