Behavioral task
behavioral1
Sample
0x000600000001662c67_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
0x000600000001662c67_JC.exe
Resource
win10v2004-20230831-en
General
-
Target
0x000600000001662c67_JC.dat
-
Size
174KB
-
MD5
358ce97852b840e3c648452abc8516b5
-
SHA1
cd1a0a65f0326e5d477bcf48c3d2d186158dcf47
-
SHA256
9cb36477d6f44c359f21e4f4032cbb5c9e934260f7cfca164427bb34417ce0c1
-
SHA512
2c999ba816f8772cc267952e2f79d13a3075d05a2ee77f3615e04363cd178bc0204d1ea2fa07fca8a57ecafc537a0a944a9d1cb4421f8d9f0428f791467038bf
-
SSDEEP
3072:WFQKcZz8I0G8rlinnOgoLC+Vd2hE0MA9iL2GJg8e8hG:qQp8I0G8Ji68hE0IL2GG
Malware Config
Extracted
redline
jang
77.91.124.82:19071
-
auth_value
662102010afcbe9e22b13116b1c1a088
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0x000600000001662c67_JC.dat
Files
-
0x000600000001662c67_JC.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ