Behavioral task
behavioral1
Sample
2356-12-0x0000000000080000-0x00000000000BC000-memory.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
2356-12-0x0000000000080000-0x00000000000BC000-memory.exe
Resource
win10v2004-20231127-en
General
-
Target
2356-12-0x0000000000080000-0x00000000000BC000-memory.dmp
-
Size
240KB
-
MD5
c9adbcaf24b60743dc3f710f9cab5a15
-
SHA1
88d18c7212a4b3efe328fdb82642d5ddbb1e091a
-
SHA256
775fed48e4dec65227e1069d9d58f2abad7ae6fda5c83ab9d08cc1af18aba606
-
SHA512
0d6aa9352880290a384abcd962bf167602e013d1dc96a6f42acb6703eba81d7cb7ed9c9c1cd6da86144ff850e5e3aedf18e73155c2fe851577dbc59c737fd2c1
-
SSDEEP
6144:nC4gdz070NgcoTrFzO2DzzzzzzHLzzzzzzzrzzzzzzzzzzzzzDzzzzzzL7z30yfE:7O5NgcoTrp9LrorsI
Malware Config
Extracted
redline
LiveTraffic
77.105.132.87:6731
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2356-12-0x0000000000080000-0x00000000000BC000-memory.dmp
Files
-
2356-12-0x0000000000080000-0x00000000000BC000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 176KB - Virtual size: 175KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ