Behavioral task: behavioral1
Sample: 2908-23-0x0000000000400000-0x000000000043E000-memory.exe
Resource: win7-20231025-en

Behavioral task: behavioral2
Sample: 2908-23-0x0000000000400000-0x000000000043E000-memory.exe
Resource: win10v2004-20231023-en
General
Target: 2908-23-0x0000000000400000-0x000000000043E000-memory.dmp
Size: 248KB
MD5: 924d7146b7b75c3b119c4d5e20232bd8
SHA1: 0d3b6d32605bbe3c536eb72c1e66ec736916f388
SHA256: 88c8d08ce8e6301541602b1a70479f6d13ec576eea323be83ffe08002f69cbcc
SHA512: 91f1f0696963932bf3f40a889f210d4e053c587a04ffe1e58abb5fd97723b8371ca5ffd4a091c87b515d865b8cfb981044f8a1444201b59137d24ed33513da53
SSDEEP: 6144:bVnShH3HnMIGjywNG3n119Yc7jtTKv6Wn:bV2UcFVjtTKv6Wn
Malware Config
Extracted
redline
100k
194.61.2.74:80
Signatures
RedLine payload (1 IoCs)
Processes:
resource: sample, yara_rule: family_redline
Redline family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource: 2908-23-0x0000000000400000-0x000000000043E000-memory.dmp
Files
2908-23-0x0000000000400000-0x000000000043E000-memory.dmp.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 182KB - Virtual size: 181KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ