Behavioral task: behavioral1
Sample: 1168-217-0x0000000003F00000-0x0000000003F34000-memory.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: 1168-217-0x0000000003F00000-0x0000000003F34000-memory.exe
Resource: win10v2004-20230703-en
General
Target: 1168-217-0x0000000003F00000-0x0000000003F34000-memory.dmp
Size: 208KB
MD5: 8792b2606e2ac880207fed87e838ddde
SHA1: b1016e7a3f65b70eee12cb73672e5f634a934237
SHA256: 37b019aef1b6dbf2203d282c0eb757f14b3ac2d8cb9f9a5b3bbcd43596ddc5ab
SHA512: 3f6e272abaa887e20fbc15fe323a0bb3cd2d2f80fb9136b6ceead8f11aa2aa0b5329996bff6cb67fec2d10b9f2ec05c2da299fa1e73ee67ad66fec0d53a4898c
SSDEEP: 3072:jzhrmtU/f3YIInGpDvw/1oPYqSaVXr2nhK9w4hxwaD8d8e8hl:5rmtU/gIInG6oAqBVXrmhKZ5e
Malware Config (extracted)
Family: redline
Botnet: LogsDiller Cloud (TG: @logsdillabot)
C2: 51.83.170.21:19447
auth_value: 3a050df92d0cf082b2cdaf87863616be
Signatures
Redline family
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 1168-217-0x0000000003F00000-0x0000000003F34000-memory.dmp

Files
1168-217-0x0000000003F00000-0x0000000003F34000-memory.dmp.exe (windows x86)
MD5: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ