Behavioral task
behavioral1
Sample
1512-184-0x0000000001000000-0x000000000103E000-memory.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
1512-184-0x0000000001000000-0x000000000103E000-memory.exe
Resource
win10v2004-20231023-en
General
-
Target
1512-184-0x0000000001000000-0x000000000103E000-memory.dmp
-
Size
248KB
-
MD5
6ef24770366fc8d231252848ef9ee196
-
SHA1
d25db6f13a1e0acccbcb6450f8f7de9be68d08bf
-
SHA256
a5dd39229a82a458284943d9a37915b9c2c52b479dea75696d9d3a3603e7534c
-
SHA512
5a4e35d57328fd77e415a8035a2cfbdf2050c51abfab4decfa06099c3f1fb2c22c25bd493a2ed5f6b90f3499ed7c2eac893033029661be4901ae02ae21257bd0
-
SSDEEP
3072:2tJXRMeZYncNgckxQdxCr1d2t/q5yoQVZL53pRzzXZQA4:2JMeucNgckedxCDo/doQVZdZRzzXZQ
Malware Config
Extracted
redline
kukish
77.91.124.55:19071
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1512-184-0x0000000001000000-0x000000000103E000-memory.dmp
Files
-
1512-184-0x0000000001000000-0x000000000103E000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 178KB - Virtual size: 177KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ