Resubmissions
11-12-2023 03:16   231211-dssfcschb3   score 10

General
Target:  2680-12-0x00000000003D0000-0x000000000040C000-memory.dmp
Size:    240KB
MD5:     376cfd945a8db0a2b981b668c582b06c
SHA1:    018ab3104308345e7d2e9e724b425c3e207e8efe
SHA256:  4f49902ed05b63bc69587c0b8db12274f3e6865edfb76c9cf0189b8e11278a88
SHA512:  95e564915acf620fee7178babca06c81d8369912bc71408774611afcef49533633f04e686216752892d374f5d428680f39ab2f8a32381a7c2f4f1bcd5e474c69
SSDEEP:  6144:9C4gdz070NgcoTrFzO2DzzzzzzHLzzzzzzzrzzzzzzzzzzzzzDzzzzzzL7z30yfE:5O5NgcoTrp9LrorsI
Malware Config
Extracted
Family:  redline
Botnet:  LiveTraffic
C2:      77.105.132.87:6731
Signatures
RedLine payload (1 IoC)
  resource: sample   yara_rule: family_redline
Redline family
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 2680-12-0x00000000003D0000-0x000000000040C000-memory.dmp
Files
2680-12-0x00000000003D0000-0x000000000040C000-memory.dmp.exe   windows:4 windows x86 arch:x86

  Headers
    DLL Characteristics:
      IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
      IMAGE_DLLCHARACTERISTICS_NX_COMPAT
      IMAGE_DLLCHARACTERISTICS_NO_SEH
      IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics:
      IMAGE_FILE_EXECUTABLE_IMAGE
      IMAGE_FILE_32BIT_MACHINE

  Sections
    .text   Size: 176KB   Virtual size: 175KB
      IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    .rsrc   Size: 42KB    Virtual size: 42KB
      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
    .reloc  Size: 512B    Virtual size: 12B
      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
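The two header-level findings above, the "Unsigned PE" signature and the DLL/File/Section characteristics listing, come from reading a handful of fixed offsets in the PE headers. The script below is an added example, not code from the Triage report or from the sandbox, that does both with nothing beyond Python's struct module: it decodes the flag words into the IMAGE_* names the report prints and applies the Authenticode check, which is simply "is the security data directory (index 4) non-zero". The PE it parses is constructed in memory to carry the same flags and section table as the report (the offsets, alignments and the dummy certificate location are assumptions chosen for the example); it is not the analysed dump.

```python
"""Decode PE header flags and apply the report's "Unsigned PE" check.
Added example, not part of the Triage report. The image analysed is
CONSTRUCTED in memory to mirror the header values the report lists."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory holding the Authenticode table

DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _flags(value, table):
    """Names of the bits set in `value`, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse COFF header, optional-header flags, section table and the
    security data directory of the PE image in `data` (bytes)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B
    # DllCharacteristics sits at +70 in both PE32 and PE32+; NumberOfRvaAndSizes
    # and the directories shift by 16 bytes in PE32+ (64-bit stack/heap fields).
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + (92 if pe32 else 108))[0]
    dirs = opt + (96 if pe32 else 112)
    sec_off, sec_size = 0, 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": _flags(chars, SECTION_CHARACTERISTICS)})
    return {
        "arch": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
        "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
        "sections": sections,
        # The security entry holds a FILE OFFSET (not an RVA) and a size; a zero
        # in either means there is no embedded Authenticode signature.
        "authenticode_present": sec_off != 0 and sec_size != 0,
    }


def build_sample_pe32(signed=False):
    """Constructed header-only PE32 (no section bodies) carrying the flags and
    section table the report shows. signed=True plants a dummy security
    directory so the check can be exercised both ways. Offsets are assumed."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
    sections = [(b".text", 175 * 1024, 0x2000, 176 * 1024, 0x200, 0x60000020),
                (b".rsrc", 42 * 1024, 0x30000, 42 * 1024, 0x2C200, 0x40000040),
                (b".reloc", 12, 0x3C000, 512, 0x36A00, 0x42000040)]
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                     # PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)    # Magic: PE32
    struct.pack_into("<I", opt, 32, 0x2000)  # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)   # FileAlignment
    struct.pack_into("<H", opt, 70, 0x8540)  # DYNAMIC_BASE|NX_COMPAT|NO_SEH|TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)      # NumberOfRvaAndSizes
    if signed:  # dummy WIN_CERTIFICATE table appended after .reloc's raw data
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x36C00, 0x1000)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    info = parse_pe(build_sample_pe32())
    print("Unsigned PE:", not info["authenticode_present"])
    print(" | ".join(info["dll_characteristics"]))
    for s in info["sections"]:
        print(s["name"], s["raw_size"], s["virtual_size"], " | ".join(s["flags"]))
```

Two caveats for reading the signature result on this kind of target. First, the security directory's first field is a file offset, not an RVA, and the certificate table is not mapped when the image is loaded, so on a region dumped from process memory the entry can point at bytes that are simply not there. Second, an unsigned verdict on a dumped payload is expected and is weak evidence on its own; in this report the RedLine config extraction and the family_redline YARA hit are what carry the classification.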