Behavioral task
behavioral1
Sample
1520-276-0x0000000000780000-0x00000000007B0000-memory.exe
Resource
win7-20230621-en
General
-
Target
1520-276-0x0000000000780000-0x00000000007B0000-memory.dmp
-
Size
192KB
-
MD5
f7a7f777bb984dc859a96549c5e4a83b
-
SHA1
91f580e73023bb1d784bbfb96127d23b112accbf
-
SHA256
7af8cd880d4cf26d69c03bc4c4b768a708aebb68f539f12443ad380e4c6f7c86
-
SHA512
67ec18f5e3fc49df2c4b863df52c8650021a8ceaf0056dbbaa29bf810c17e2c735deec468ea9647698cd9f0430544cd9cccf8316c24f54ce1225ee6386b226c8
-
SSDEEP
3072:7TsCziRmKPvwL/2rSlllF+HxN6AtjJXOQ8e8hB:7THqXwaWlllF+CMXOQ
Malware Config
Extracted
redline
smoke
83.97.73.131:19071
-
auth_value
aaa47198b84c95fcce9397339e8af9d4
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1520-276-0x0000000000780000-0x00000000007B0000-memory.dmp
Files
-
1520-276-0x0000000000780000-0x00000000007B0000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ