Behavioral task: behavioral1
Sample: 2220-0-0x0000000000250000-0x0000000000280000-memory.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: 2220-0-0x0000000000250000-0x0000000000280000-memory.exe
Resource: win10v2004-20230703-en

General
Target: 2220-0-0x0000000000250000-0x0000000000280000-memory.dmp
Size: 192KB
MD5: 073a251c4ced16fa5c9c9c3d0b2761b8
SHA1: fa05aa22830885c23f5a1e9f45592fd33213fe99
SHA256: 86f49aeb7333b291ef21616010193dcc2ff4a87a822ef79f500f5c3f401132d7
SHA512: 5b6a0fb84861dea0e5cf1f99bcaa756d936f7e1a03e06363920bc08532accefb8a4cc52f7a63191e48bcd087ec373ee0ab5f1f0598c4f92396a7fc855f19d44f
SSDEEP: 3072:0U8efIRpBLITnx6xNKmVqoYXyICg+bk8e8h8:0Ucl27rXXyICg+bk

Malware Config
Extracted
redline
@prsvt6666
94.142.138.4:80
auth_value: 87d1997a564fa7581db209cc71c07a4e

Signatures
Redline family
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource 2220-0-0x0000000000250000-0x0000000000280000-memory.dmp

Files
2220-0-0x0000000000250000-0x0000000000280000-memory.dmp.exe windows x86
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 132KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ