Behavioral task
behavioral1
Sample
800-117-0x00000000003A0000-0x00000000003D0000-memory.exe
Resource
win7-20240221-en
General
-
Target
800-117-0x00000000003A0000-0x00000000003D0000-memory.dmp
-
Size
192KB
-
MD5
c9e45ddec8ddd056001fb67cff6303c0
-
SHA1
928f25a1eb566e0913f3c789f7873c44b8b397b6
-
SHA256
6a2b77d1ab605cbbaa51cae16f0fed798e59258657c5c9f5bb743f477ac3b8a1
-
SHA512
57f5c901275424f2b6bfe7bbfcac113bea4bbec83d6b7417cc4f86ff4411a5c7f479ecfb5d951cfad9349f8caf24f683c02e54d19fa2dc98d2457d661eb359f6
-
SSDEEP
1536:GsJdT36sv0W7T6IS+rHC1rRiX0WxJm6tVODxNuGYQj9buHxeBrKY0GkRU8e8hq:GsDpxYtkX08tMDxNqUiKrKY78e8hq
Malware Config
Extracted
redline
grom
83.97.73.129:19071
-
auth_value
2193aac8692a5e1ec66d9db9fa25ee00
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 800-117-0x00000000003A0000-0x00000000003D0000-memory.dmp
Files
-
800-117-0x00000000003A0000-0x00000000003D0000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ