Behavioral task
behavioral1
Sample
1856-182-0x0000000000490000-0x00000000004C0000-memory.exe
Resource
win7-20240220-en
General
-
Target
1856-182-0x0000000000490000-0x00000000004C0000-memory.dmp
-
Size
192KB
-
MD5
63f6ca5d61cbd04a7a65c9c8ee7902d4
-
SHA1
99e989f64812319e12f86121a01157c567ec0f35
-
SHA256
9421f40a45f874edb9d90af6ef991bd3e16cf90852d0b7fa74b0e5c9ea1705d8
-
SHA512
6613650ac00a9175526c1399223fb87c4f9cd11ca173fb6c928d9e99a78cfd3b6b58c23954fe40a6f094c5b633e3601b734803ef3e10bbedd22dc3a44e669a77
-
SSDEEP
3072:zUUEa9Te3JQBf8td3/oxN1ULH0tyI8e8h4:w7QRyi1tyI
Malware Config
Extracted
redline
mucha
83.97.73.131:19071
-
auth_value
5d76e123341992ecf110010eb89456f0
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1856-182-0x0000000000490000-0x00000000004C0000-memory.dmp
Files
-
1856-182-0x0000000000490000-0x00000000004C0000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ