Behavioral task
behavioral1
Sample
2768-125-0x0000000000350000-0x000000000038E000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2768-125-0x0000000000350000-0x000000000038E000-memory.exe
Resource
win10v2004-20230915-en
General
-
Target
2768-125-0x0000000000350000-0x000000000038E000-memory.dmp
-
Size
248KB
-
MD5
9772c61698895ca5443f145fbeac12e9
-
SHA1
4c3c4e886483ac843cc9e6f038c8139e5b46af8e
-
SHA256
6b7cc5ca45ca52e7f5c1f4ce3aea23fb14c302c8e5a2678ed93ce9e1e59122bb
-
SHA512
95cbe5b9d560785307747db2a512d90727fae1e2ba913b88e49ba8d374a507b2275e5ba83eb14fbf321de930d553abdf5a683debb6f5ac9063d14698344cb714
-
SSDEEP
3072:QJctOPGO2n1NgcU6YW8qu7SHBFt/qLdVPMxX/jEIgcRb:mDPGv1NgcUVWCuHF/CXPMxXLEfc
Malware Config
Extracted
redline
@ytlogsbot
176.123.4.46:33783
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2768-125-0x0000000000350000-0x000000000038E000-memory.dmp
Files
-
2768-125-0x0000000000350000-0x000000000038E000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ