Behavioral task
behavioral1
Sample
2840-116-0x00000000003D0000-0x0000000000400000-memory.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
2840-116-0x00000000003D0000-0x0000000000400000-memory.exe
Resource
win10v2004-20230703-en
General
-
Target
2840-116-0x00000000003D0000-0x0000000000400000-memory.dmp
-
Size
192KB
-
MD5
e45f10cdbdca2cc5028ee179178b4c45
-
SHA1
bb1e3775288e329e7ea18bc1d6baec6800e7b913
-
SHA256
0f474527cf2baca49b084f8503931b316f5a6fb7c16256e57b5e36cac61e246b
-
SHA512
0d24a787c1f1f3f8c3b62f2de5e18849923b764f783bd039048e35184fa948369d80d00f273ade3aec5da2925073736b9388dc4766ad214837de8f75c7e6b958
-
SSDEEP
1536:GlBA36sv0W7T1sjvrHzbNSISuiiB0J57TNyQGxNXLYQLrbuLh8yrEHVF+0GkR68U:GrqCnNsZWSZ5GxN8yi8yIHVF+Z8e8hO
Malware Config
Extracted
redline
masha
77.91.68.48:19071
-
auth_value
55b9b39a0dae383196a4b8d79e5bb805
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2840-116-0x00000000003D0000-0x0000000000400000-memory.dmp
Files
-
2840-116-0x00000000003D0000-0x0000000000400000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ