Behavioral task
behavioral1
Sample
0x000800000001af3a-151.exe
Resource
win7-20230220-en
General
-
Target
0x000800000001af3a-151.dat
-
Size
168KB
-
MD5
b5c246c78c9c6fd044de60b38b709dca
-
SHA1
cd3bc442247a1426913f80fa570576ddd391bcfd
-
SHA256
1a0625284d2526b9bc9708cb0cfcf7b7e74bfb7c2660bcfddaadc5c82406afbc
-
SHA512
3285c07109cdbe2ec39b214f55f812ae84ac33ee78cb56f806de35ef84db284389e3bcd31952841d749df25335471c006c25147fc0297436f61aed888102ec8c
-
SSDEEP
3072:4UUfOJD8WDEpxKvmE1xqVOM0Xa3ODL0Ht8e8hp:lkOLEpWLd/QODL0Ht
Malware Config
Extracted
redline
maxi
83.97.73.126:19046
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0x000800000001af3a-151.dat
Files
-
0x000800000001af3a-151.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ