Behavioral task: behavioral1
Sample: 1572-122-0x0000000000080000-0x00000000000B2000-memory.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 1572-122-0x0000000000080000-0x00000000000B2000-memory.exe
Resource: win10v2004-20231215-en
General
Target: 1572-122-0x0000000000080000-0x00000000000B2000-memory.dmp
Size: 200KB
MD5: c135afbb99a8fbca298a2c3688f1c851
SHA1: 7d060640a86461af0c7e6cd77df535d9c9b5180b
SHA256: a1ca9391be9b741c7ff31dc2b57693fd9543df6e934eff5ff1bef1d6dca00082
SHA512: 3800b10c80e20d6a3dd7b2f1cfa910d1c03e8f9adb284c1c2163078eef65d1421975cb883486b05224fbee1e0e3a135508cb07b992198d5bc708f6b04528e4a8
SSDEEP: 3072:GxqZWHzaWAtdsiLe5G80e+o9Gh7nxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOQ:sqZwii5ZzGh
Malware Config
Extracted
redline
socicalbot
149.28.205.74:2470
auth_value: 9c51f0d7102febd61d441fffb9c4bb47
Signatures
Redline family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes:
resource 1572-122-0x0000000000080000-0x00000000000B2000-memory.dmp
Files
1572-122-0x0000000000080000-0x00000000000B2000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ