Behavioral task
behavioral1
Sample
2172-190-0x0000000000520000-0x0000000000550000-memory.exe
Resource
win7-20230220-en
General
-
Target
2172-190-0x0000000000520000-0x0000000000550000-memory.dmp
-
Size
192KB
-
MD5
f2f5a22e4030e591fc747794c0754bca
-
SHA1
bc25f4b2b69118eddceab3375b583c326b7c17ff
-
SHA256
e434c365d57eb0938a23fbe88a59389a1104603e2e3eb948f92849b77399ce12
-
SHA512
6c5b3996147c37d65b83065f327d0996b514f11f7511923db0a3c6efe42a5eea8a8750e88455db8e59d5b4e2882591a14574fc8ee38d8e3d3c597e2a109cbc07
-
SSDEEP
3072:rWYcGwly5Ci0oxNnGSbEUu/ggOy8e8hD:rGWB00ZqggOy
Malware Config
Extracted
redline
grega
83.97.73.130:19061
-
auth_value
16e2fbc2847b2270b3f0679e2dd76c8d
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2172-190-0x0000000000520000-0x0000000000550000-memory.dmp
Files
-
2172-190-0x0000000000520000-0x0000000000550000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ