Behavioral task
behavioral1
Sample
n9833169.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
n9833169.exe
Resource
win10-20230831-en
General
-
Target
n9833169.exe
-
Size
174KB
-
MD5
f973e892970ee235ead43cebc02946d2
-
SHA1
daa871b30a39d147f5aa805182aed586a3123f4e
-
SHA256
34732621fff2d26dd867e40898a6f80e0b7f1b76ea9669f73ec92a8a101abb17
-
SHA512
4658e44c7ed839686835de80381d3d5da779327d5943300827a2f1c88d90f3cb4620a0c5627622dbfa553fa7292e05d2cede6a6b5af0f9d8423ee05230d4dcfa
-
SSDEEP
3072:QFUgdzI5dkI0BHjt8sOpVQkeKQqE0yM358JB8e8hv:QFUgdukI0BHjt8SqE0JWX
Malware Config
Extracted
redline
narik
77.91.124.82:19071
-
auth_value
07924f5ef90576eb64faea857b8ba3e5
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource n9833169.exe
Files
-
n9833169.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ