Behavioral task
behavioral1
Sample
2900-12-0x0000000000280000-0x00000000002BC000-memory.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
2900-12-0x0000000000280000-0x00000000002BC000-memory.exe
Resource
win10v2004-20231130-en
General
-
Target
2900-12-0x0000000000280000-0x00000000002BC000-memory.dmp
-
Size
240KB
-
MD5
8e7d0f2f90ee9a876940582319c58aee
-
SHA1
ca25c97fa6408c705643cc21aade0bc6dd2568a6
-
SHA256
d10c66c4aa865c3923dc4d6324c5b30faaceeb2972cdc83a6704cb0c9ace3706
-
SHA512
be01260448ecda523e3a35f5b9b74711c45482ecb1a4ee989cc356b596204bf2ef9e31bd3779b94ee7922de5f0cb4a48f579bce5b67057f142677fb444e9b4f2
-
SSDEEP
6144:GC4gdz070NgcoTrFzO2DzzzzzzHLzzzzzzzrzzzzzzzzzzzzzDzzzzzzL7z30yfE:EO5NgcoTrp9LrorsI
Malware Config
Extracted
redline
LiveTraffic
77.105.132.87:6731
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2900-12-0x0000000000280000-0x00000000002BC000-memory.dmp
Files
-
2900-12-0x0000000000280000-0x00000000002BC000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 176KB - Virtual size: 175KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ