Behavioral task
behavioral1
Sample
2220-151-0x0000000000020000-0x000000000003E000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2220-151-0x0000000000020000-0x000000000003E000-memory.exe
Resource
win10v2004-20230915-en
General
-
Target
2220-151-0x0000000000020000-0x000000000003E000-memory.dmp
-
Size
120KB
-
MD5
764c3514f594904e3398b53a2a3cc13f
-
SHA1
6cd9c45f768acccdfa0c0b155cf643d6ab1400d6
-
SHA256
e34d9d06cc239b2c296e87acb41be8c3bca8e2bd188a9f8d6fc6f5081d2b4d2f
-
SHA512
bcb6743a978b18c579919ee1a2dd8446420a11745bb2a487fff49d070446b013dbdfb8fe680af09ff632e7af1510f25044dca6871112bf70cbdc1e66c5b1cea7
-
SSDEEP
3072:13HcjBPe7NerE+CrFkDSuOkZDcXiqEqVX6:1eGKDRAXb
Malware Config
Extracted
redline
6012068394_99
https://pastebin.com/raw/8baCJyMF
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2220-151-0x0000000000020000-0x000000000003E000-memory.dmp
Files
-
2220-151-0x0000000000020000-0x000000000003E000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ