Behavioral task
behavioral1
Sample
2620-540-0x0000000001020000-0x000000000105E000-memory.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
2620-540-0x0000000001020000-0x000000000105E000-memory.exe
Resource
win10v2004-20231020-en
General
-
Target
2620-540-0x0000000001020000-0x000000000105E000-memory.dmp
-
Size
248KB
-
MD5
1ab8e1e7d7af7d086cc4c645d5d36df4
-
SHA1
665095a276bf93e22c2e006f041a9d7c730f2cb3
-
SHA256
83f9508c006254785faf4e738b648793cf47a963c2cfdb8fa8f8c4b092ad9ddf
-
SHA512
a1a4ba8ee2b162e62f508e0b89e9f20f62eafd78cf6ac3efec74fa88c1052086384339879d99dcfc0c3152316016bf787243857be51cdc40076f1e6f9f2a8dab
-
SSDEEP
6144:fmSQQNgcPf2iHv0+9JR/xadbzBNFygk5:OHQNgcPf1JROBNFygk5
Malware Config
Extracted
redline
kinza
77.91.124.86:19084
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2620-540-0x0000000001020000-0x000000000105E000-memory.dmp
Files
-
2620-540-0x0000000001020000-0x000000000105E000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 178KB - Virtual size: 177KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ