Behavioral task
behavioral1
Sample
1020-1-0x0000000000580000-0x00000000005B0000-memory.exe
Resource
win7-20230831-en
General
Target
1020-1-0x0000000000580000-0x00000000005B0000-memory.dmp
Size
192KB
MD5
1cfd2fe6cf633ca085b4f991a682f93d
SHA1
2959a835d3c760c62c39300475f84c5a161deba0
SHA256
d5a6c118916b9bf6e8c92fe4ca5b205838190edb90b6549206ee3ceba331f300
SHA512
3deb604bc20ead2cd888f141d9f3297aff85258f76933c5ea32eb6e60cc35e84cdd84a2057f70f0f350bfcc166c50df771a2741cb5233fc50fadfd6b76716a42
SSDEEP
3072:zhuxEBJaVoI0ONwSvO2uyd7wDX2ZLE0eL2T+0Jg8e8hV:oxDoI0ONwSlwDX2ZLE0V+0W
Malware Config
Extracted
redline
@oleh_ps
176.123.4.46:33783
auth_value
94ecdfa2eb126d66ce500353b2fa9112
Signatures
Redline family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1020-1-0x0000000000580000-0x00000000005B0000-memory.dmp
Files
1020-1-0x0000000000580000-0x00000000005B0000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ