Behavioral task
behavioral1
Sample
1116-125-0x0000000000400000-0x000000000042E000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1116-125-0x0000000000400000-0x000000000042E000-memory.exe
Resource
win10v2004-20230220-en
General
-
Target
1116-125-0x0000000000400000-0x000000000042E000-memory.dmp
-
Size
184KB
-
MD5
0b067ee1aece475ceabaeed6cc4b570c
-
SHA1
bf69e5712fdba880b1652bbf68c784f35f92189c
-
SHA256
c57853cdc1c6f2f94dc954696ec379772287cffcdb331d9d468af6d59e19fd10
-
SHA512
cb356f08e37a16e8829f61f001ef5833e214928a9f94fffe5de06019c6477a0139ed91ccfbdd0612b03e17504344c8d0f190341ed32a38e5dd890bc108109ebd
-
SSDEEP
1536:/TXbeqhVZCGW+WEVPhq8Wg8fnv5RCNTGqVYFWbuME0aQ5ZDr/e84wYks8e8hH:LLXWb8WgMv75qVYsKaZDr/eZ8e8hH
Malware Config
Extracted
redline
metro
83.97.73.126:19046
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1116-125-0x0000000000400000-0x000000000042E000-memory.dmp
Files
-
1116-125-0x0000000000400000-0x000000000042E000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ