Behavioral task
behavioral1
Sample
628-117-0x00000000002E0000-0x0000000000310000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
628-117-0x00000000002E0000-0x0000000000310000-memory.exe
Resource
win10v2004-20230220-en
General
-
Target
628-117-0x00000000002E0000-0x0000000000310000-memory.dmp
-
Size
192KB
-
MD5
7a1d5224468058e7503e1d1296ba4064
-
SHA1
245932148391d05c467ef05f5dec9bbee4e8f725
-
SHA256
03b75b1706d1f75e9c3cb9791cbab7eb3a612bf6402b9a4ec17ef99d8127a353
-
SHA512
6ffcaec2775f8c13ec9107d797fad3084dbb9fc332547594023940f4d5c1c265d0648b7bf3e23c780f4446abd3a65ff4b05140876b09d3e2e7d0356868a94712
-
SSDEEP
3072:2otDiwyqSVghBGfAGtTjxNKifvWPxnu8e8hy:TibuhM5ZmnPxnu
Malware Config
Extracted
redline
rovno
83.97.73.130:19061
-
auth_value
88306b072bfae0d9e44ed86a222b439d
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 628-117-0x00000000002E0000-0x0000000000310000-memory.dmp
Files
-
628-117-0x00000000002E0000-0x0000000000310000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ