Behavioral task
behavioral1
Sample
1200-2322-0x0000000001220000-0x0000000001252000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1200-2322-0x0000000001220000-0x0000000001252000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
1200-2322-0x0000000001220000-0x0000000001252000-memory.dmp
-
Size
200KB
-
MD5
ff52b3ba954e9e77205f1fc79cc11726
-
SHA1
9ff73c354d71b5094f5f91a0daafe8d2daf7513d
-
SHA256
e613127d738ceea9493d04585df469ebbbcc0d982fac0e571f30ecd9f4a32cf3
-
SHA512
7f41be46724e59cd672d85d728f03b2c4286dbd639f9b4eaaaafafce54e9b05a252080a6170ea56cb6f863760426f7d48bed03c2ac3b236cd0c632e3b53cd2c1
-
SSDEEP
3072:NxqZWZRanU2n0rZaJKd4/eo5YYh8exNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jz:XqZgrZaIqwYh
Malware Config
Extracted
redline
nord
176.113.115.145:4125
-
auth_value
ebb7d38cdbd7c83cf6363ef3feb3a530
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1200-2322-0x0000000001220000-0x0000000001252000-memory.dmp
Files
-
1200-2322-0x0000000001220000-0x0000000001252000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ