Behavioral task: behavioral1
Sample: 1576-125-0x0000000000090000-0x00000000000BE000-memory.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 1576-125-0x0000000000090000-0x00000000000BE000-memory.exe
Resource: win10v2004-20230220-en
General
Target: 1576-125-0x0000000000090000-0x00000000000BE000-memory.dmp
Size: 184KB
MD5: 629ff512a4cf1287ecba184a3ae163d2
SHA1: e9303486d20d7bf35e6bb71d9515416b45571ad5
SHA256: 322b8b5715aab9a2e2c4274c24f6f6d817433ba0d084ad5c8c13912f9a25f651
SHA512: fd34b09b442fd44fe8fcd1e455e54106afd8e376a866d1ef47691ec100a4163e4f6864bc241bc1c6acf8e8caf7c2589b32398aba30c44e73f6f19603a424746c
SSDEEP: 3072:c0zS/8Wu8x0E/wG7GGXTm7qVGMrKzC5k768e8ht:lzv8tIG7GGXq7t9C5k76
Malware Config
Extracted
redline
rocker
83.97.73.127:19045
auth_value: b4693c25843b5a1c7d63376e73e32dae
Signatures
Redline family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1576-125-0x0000000000090000-0x00000000000BE000-memory.dmp
Files
1576-125-0x0000000000090000-0x00000000000BE000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ