Behavioral task
behavioral1
Sample
1988-54-0x0000000000250000-0x0000000000276000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1988-54-0x0000000000250000-0x0000000000276000-memory.exe
Resource
win10v2004-20230220-en
General
-
Target
1988-54-0x0000000000250000-0x0000000000276000-memory.dmp
-
Size
152KB
-
MD5
a9789ccf4503524ee80d25eac376d14a
-
SHA1
d669a6aa5e83c1c7918b54b56ddfc8ff4de37fc2
-
SHA256
72d5a7a629f13cb4c441c47d9910d7fd4a1ca72f0a7976b8fe3c7a97903b7540
-
SHA512
f23a56f319c4bb1c2578c1f2328d034315c0e69e710af3ab69c2942f350866385705768ed39ceb94b4209cf44a28354fbdba2f257db60a442f1148268e6f5e1b
-
SSDEEP
1536:ZatcnVHT1+/oXHZmy+fCGeK7jS8VuBm3hUjfSbV77mOmAhsYgibfbFDKsRR:0tcZZRaKGeotu0QmB/IYgafJlR
Malware Config
Extracted
redline
CLOUD YT TEAM
176.123.9.85:16482
-
auth_value
a8d74ed165e7e003f2ebfae75f9a3bdd
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1988-54-0x0000000000250000-0x0000000000276000-memory.dmp
Files
-
1988-54-0x0000000000250000-0x0000000000276000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ