Behavioral task
behavioral1
Sample
864-122-0x0000000000370000-0x00000000003A0000-memory.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
864-122-0x0000000000370000-0x00000000003A0000-memory.exe
Resource
win10v2004-20230621-en
General
-
Target
864-122-0x0000000000370000-0x00000000003A0000-memory.dmp
-
Size
192KB
-
MD5
d25e113c4aece84d8610dbf84677d125
-
SHA1
bfb826674dc68c26d9b91bd18d9a44ae8ea3e75a
-
SHA256
fb744a0cad8e07c94018d88d5acf36684959d430a8b9b4fcee3e1f76b9e1901c
-
SHA512
28141cb801b4fed7a47c13e42c7563d03d65c24a37351db5c90535a30cdf590b2f0fbd207d56c4e8483674c1b6aa7b8890a09e4e3610e674916793b6dd9a1104
-
SSDEEP
3072:MAF5KBstbkeNKZIhDDxNcaoMczCO68e8hL:JXb33hDYjyO6
Malware Config
Extracted
redline
jako
77.91.124.49:19073
-
auth_value
3db90f2679ab2890874898c7c6d65799
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 864-122-0x0000000000370000-0x00000000003A0000-memory.dmp
Files
-
864-122-0x0000000000370000-0x00000000003A0000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ