Behavioral task
behavioral1
Sample
268-83-0x00000000002A0000-0x00000000002D0000-memory.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
268-83-0x00000000002A0000-0x00000000002D0000-memory.exe
Resource
win10v2004-20230621-en
General
-
Target
268-83-0x00000000002A0000-0x00000000002D0000-memory.dmp
-
Size
192KB
-
MD5
1a9290304cb2c4659df135b2a7daff14
-
SHA1
c5152d8887c88233137022835395c53ba6263a39
-
SHA256
fff86280505b70133e7b28430b5729913163a3dab61c4531f595d275f826d34a
-
SHA512
78c411b179d6d732e15e1235c68b9ef7d1d541921925915ea454eea63bb46bd0b7307091007b490c5292fa03dc7f494ed0d1ae78dce09f0fba9300a5408765bc
-
SSDEEP
3072:+tE62xyQ6d+VeXdxNLgVK880EHF8e8hK:yEmOA9S80EHF
Malware Config
Extracted
redline
andre
77.91.124.49:19073
-
auth_value
8e5522dc6bdb7e288797bc46c2687b12
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 268-83-0x00000000002A0000-0x00000000002D0000-memory.dmp
Files
-
268-83-0x00000000002A0000-0x00000000002D0000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ