Behavioral task
behavioral1
Sample
1916-487-0x0000000000080000-0x00000000000BC000-memory.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
1916-487-0x0000000000080000-0x00000000000BC000-memory.exe
Resource
win10v2004-20231020-en
General
-
Target
1916-487-0x0000000000080000-0x00000000000BC000-memory.dmp
-
Size
240KB
-
MD5
10b58c1240906c91ef892d2b6efb04df
-
SHA1
33a713a010d285be5917bc8eb035863351ab4ee6
-
SHA256
98615fd888697645566a7bd856652b1cdf33ec71b20998dda5239dd70c28f35d
-
SHA512
bc53fa2df582d1cb40d541e6b266af0fd3cf0075e0556afb5230c8e8c287866261d225577cf14efaff1fc6bfa0ed0e25e8de0edbb7269d63ab40a65ee4a5ea80
-
SSDEEP
6144:xP+YZ8x7SNgcVYCrx5q2vfO0PX1S+ALFd:xP+YCUNgcVhrCIWuALFd
Malware Config
Extracted
redline
LiveTraffic
195.10.205.17:8122
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1916-487-0x0000000000080000-0x00000000000BC000-memory.dmp
Files
-
1916-487-0x0000000000080000-0x00000000000BC000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 176KB - Virtual size: 175KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ