Behavioral task
behavioral1
Sample
2512-0-0x0000000000270000-0x00000000002C4000-memory.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2512-0-0x0000000000270000-0x00000000002C4000-memory.exe
Resource
win10v2004-20231215-en
General
-
Target
2512-0-0x0000000000270000-0x00000000002C4000-memory.dmp
-
Size
336KB
-
MD5
9dc5fcfd5448dab8595bc7766a2b26ba
-
SHA1
8013dcf3d9c5d759b4d653cad5cde14c5c6a00d5
-
SHA256
ee4cc25dc45bf30852674a5c5f6966d6060e8492a0e18a7a276cec83b2cc23f5
-
SHA512
ba933b1a8c80b019b4d80747474a906d4e2c9dc9058492e061637a4447389d9c272730b9c52e8cfb68242ac2f5ed407d5093af4f422254e9e0d45362703f30b2
-
SSDEEP
3072:mA05RLsX7+BVOqgnIALM93jam8ZnJ9xFd8KMMRqfjDv/YreqiOL2bBOw:OUXWV2IALMlSxr2MRqfjD41L
Malware Config
Extracted
redline
2yu
95.217.81.77:35530
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2512-0-0x0000000000270000-0x00000000002C4000-memory.dmp
Files
-
2512-0-0x0000000000270000-0x00000000002C4000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 197KB - Virtual size: 197KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ