Behavioral task
behavioral1
Sample
656-3005-0x00000000003E0000-0x0000000000412000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
656-3005-0x00000000003E0000-0x0000000000412000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
656-3005-0x00000000003E0000-0x0000000000412000-memory.dmp
-
Size
200KB
-
MD5
77e734d0003fc09c2cbf895c611f39d6
-
SHA1
f6631619d73e0f4f3cb831e046ad9f92cd83408e
-
SHA256
ad998be66f6f33111dd51d5ee6f33f1b4caff26b58f71d5f4c48b4f8fc6514fd
-
SHA512
adf5a80c188d6d6f158e7fe722639d7add65af5ee088f669200ad74eda7e1bbcac77cfe493ba0dcd20abaa3423d10cc89fa0cde219d1ed7d2ed7d4834e5ff723
-
SSDEEP
3072:qxqZWPTa9ApGvysmTIea+FSh8txNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwP:YqZvysavSh
Malware Config
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 656-3005-0x00000000003E0000-0x0000000000412000-memory.dmp
Files
-
656-3005-0x00000000003E0000-0x0000000000412000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ