Behavioral task
behavioral1
Sample
5340-431-0x0000000000590000-0x00000000005CE000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
5340-431-0x0000000000590000-0x00000000005CE000-memory.exe
Resource
win10v2004-20230915-en
General
-
Target
5340-431-0x0000000000590000-0x00000000005CE000-memory.dmp
-
Size
248KB
-
MD5
1d640fe4fd1a65feb1c1c099a0d60f01
-
SHA1
bceb2a397d6685ef92cefe4faed70a4d9db461b9
-
SHA256
8e4eb765912d256386b1f43c1da198ebe2769ca56c593479976a6eaf1fcb13a1
-
SHA512
2e743881ebc82801b6da06bc69bc8f6b54f5e98c293145674ee9b949114e8c4ea58024fab16086f003bba2e9469e7a7f28c7ec3762ce6d58989ff040fb4d0a9e
-
SSDEEP
3072:0JctOPGO2n1NgcU6YW8qu7SHBFt/qLdVPMxX/jEIgcRv:yDPGv1NgcUVWCuHF/CXPMxXLEfc
Malware Config
Extracted
redline
@ytlogsbot
176.123.4.46:33783
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5340-431-0x0000000000590000-0x00000000005CE000-memory.dmp
Files
-
5340-431-0x0000000000590000-0x00000000005CE000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ