Behavioral task: behavioral1
Sample: decode_e215c54e22b71b909c6b03505a03b872679edbbf2609342ec9402515fb15ef57.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: decode_e215c54e22b71b909c6b03505a03b872679edbbf2609342ec9402515fb15ef57.exe
Resource: win10v2004-20230703-en

General
Target: decode_e215c54e22b71b909c6b03505a03b872679edbbf2609342ec9402515fb15ef57
Size: 174KB
MD5: 47a8c1df196bca5ad9a0978fb1bc6190
SHA1: a7ab4e666c7eadd448895785caa54d7f430a98cd
SHA256: 826715c8c8488c93223f5eea64fa5d00638cb8bf040671486fbc2770340850d8
SHA512: e542fa8bed58741f76ae8a83b5074b7159f091622f4cc86ce6613cf9c281f4c0fec2184565074ceece8696dd03c5ea02cb5dce88fe07fcf62e6440beee8b5248
SSDEEP: 3072:MZm+U1wq2I0rI7DEOGloe8QsW3E0aGdevJE8e8hx:8m+w2I0rI7D2zsW3E00vy

Malware Config
Extracted
redline
Test
52.152.223.228:1599
auth_value: b0d4c3cee275dd824d66e423268ee5f1

Signatures
Redline family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: decode_e215c54e22b71b909c6b03505a03b872679edbbf2609342ec9402515fb15ef57

Files
decode_e215c54e22b71b909c6b03505a03b872679edbbf2609342ec9402515fb15ef57.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
  mscoree
    _CorExeMain
Sections
.text Size: 134KB - Virtual size: 133KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ