Behavioral task: behavioral1
Sample: 3068-247-0x0000000000B90000-0x0000000000BCE000-memory.exe
Resource: win7-20231020-en

Behavioral task: behavioral2
Sample: 3068-247-0x0000000000B90000-0x0000000000BCE000-memory.exe
Resource: win10v2004-20231023-en
General
- Target: 3068-247-0x0000000000B90000-0x0000000000BCE000-memory.dmp
- Size: 248KB
- MD5: 26b0d12695a4d2617a46a10ec54e7d7a
- SHA1: ca84ed20eab210ae4298ef27e06bbcbd8346e058
- SHA256: d573d336498dec073e54f0e4a2f3b86ed67a22d5824febbafd8afbc7de4c9fe2
- SHA512: 84ae837a95e193046fb0b90ad627835398505c62e0d91074d6213cc72a56f044b1dc3728a3c60c3b0e7e3015e951c8da9877a2428db1d7a82c40c6b39c821c6b
- SSDEEP: 3072:lihvLpYnXNgc+jZ44OLqNaKe/Gbt/q6ubZovTqpwUybFhyg:l+lYXNgc+144OLquOZ/CZovTqHybFh
Malware Config
Extracted
- Family: redline
- Botnet: grome
- C2: 77.91.124.86:19084
Signatures
- RedLine payload (1 IoCs)
  Processes:
  resource | yara_rule | sample | family_redline
- Redline family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  Processes:
  resource | 3068-247-0x0000000000B90000-0x0000000000BCE000-memory.dmp
Files
- 3068-247-0x0000000000B90000-0x0000000000BCE000-memory.dmp.exe (windows:4, windows, x86)

Headers
- DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics:
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE

Sections
- .text (Size: 178KB, Virtual size: 177KB)
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
- .rsrc (Size: 42KB, Virtual size: 42KB)
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .reloc (Size: 512B, Virtual size: 12B)
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ