Behavioral task
behavioral1
Sample
2664-251-0x0000000000180000-0x000000000019E000-memory.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
2664-251-0x0000000000180000-0x000000000019E000-memory.exe
Resource
win10v2004-20231020-en
General
-
Target
2664-251-0x0000000000180000-0x000000000019E000-memory.dmp
-
Size
120KB
-
MD5
d36f4fa93ec208a3499087c3debb2a0b
-
SHA1
1a89c52dcc561b783fdae19bcc930f9f539dc7bd
-
SHA256
bbb71c7efc11a0555a518886ae249e9318897e4cf35b5efce001fcb5c1f8c212
-
SHA512
031f9f5596fff5baca307c16062331cd617f0fdcf2aea574f5c7679a20e7dce84b4be676c9a49d738da652a2e60a8f99c7aa532daf87afe3b09159026cdd417c
-
SSDEEP
1536:Vqskoqu3lbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed2atmulgS6pwl:Tt1FYH+zi0ZbYe1g0ujyzdew
Malware Config
Extracted
redline
pixelscloud2.0
85.209.176.128:80
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
SectopRAT payload 1 IoCs
resource yara_rule sample family_sectoprat -
Sectoprat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2664-251-0x0000000000180000-0x000000000019E000-memory.dmp
Files
-
2664-251-0x0000000000180000-0x000000000019E000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ