Behavioral task
behavioral1
Sample
0x000700000001268d-96.exe
Resource
win7-20230220-en
General
-
Target
0x000700000001268d-96.dat
-
Size
168KB
-
MD5
337ad042fff4bff0a48ea6037438aaea
-
SHA1
7a4cf756f31c83fdcfd0da137421ddb156a480ea
-
SHA256
10dd2eba3fa69c6897334487ecc1dc700b21c0c3a13dc9edb0721709625b3711
-
SHA512
246d6d52c781a9bfc802a0a46e3a013644e069565b343233cc66f52122a267e84c544e0876a28246af682fe8032713323fe8d5e2310dad1b4b38c8286e73b0ef
-
SSDEEP
3072:Xe2LW8WlN6BYFiPYqVsgu9BSCG1BJ8e8ha:u226BFYDzQCG1BJ
Malware Config
Extracted
redline
musa
83.97.73.126:19046
-
auth_value
745cd242a52ab79c9c9026155d62f359
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0x000700000001268d-96.dat
Files
-
0x000700000001268d-96.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ