Behavioral task
behavioral1
Sample
1616-97-0x0000000001E70000-0x0000000001EA0000-memory.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
1616-97-0x0000000001E70000-0x0000000001EA0000-memory.exe
Resource
win10v2004-20230621-en
General
-
Target
1616-97-0x0000000001E70000-0x0000000001EA0000-memory.dmp
-
Size
192KB
-
MD5
2d4e5acb2ab05fda20b53d6c52be67a4
-
SHA1
2279749f1f6c4c350801a10a135b1b85a441c323
-
SHA256
eed942f04e7c0f937914ce4e0b2dffd109bd76e791561543a1d052dab686b030
-
SHA512
db4d3564002645da8733fd053d124ad4180676e43508fe9c1b62095e3618b855b8c6b238dec4065c9d2340c0288e2a2aadacbdfb2a61d0b67828749df4ff4185
-
SSDEEP
3072:2tE62xyQ6d+VeXdxNLgVK880EHz8e8hK:aEmOA9S80EHz
Malware Config
Extracted
redline
andre
77.91.124.49:19073
-
auth_value
8e5522dc6bdb7e288797bc46c2687b12
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1616-97-0x0000000001E70000-0x0000000001EA0000-memory.dmp
Files
-
1616-97-0x0000000001E70000-0x0000000001EA0000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ