Behavioral task
behavioral1
Sample
404-279-0x0000000000490000-0x00000000004C0000-memory.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
404-279-0x0000000000490000-0x00000000004C0000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
404-279-0x0000000000490000-0x00000000004C0000-memory.dmp
-
Size
192KB
-
MD5
c7c7c130a6d6c7c64f2ca60fa1b8ad43
-
SHA1
d03a2d9f04bcc608e57c9e395dcab9268e4cdb50
-
SHA256
2de037795a052d219e0f4a4394927ec999341176dd23fe50e278e933b7cdb966
-
SHA512
ef8aa3a1cc239888ebbaf973205c6f8f4237045bd1b8f7f49ba73e8ea48710390da1bb790fe59e7749f9790cf539d8229302c24af4c9754da3344388e2b7e60a
-
SSDEEP
3072:AtE62xyQ6d+VeXdxNLgVK880EHk8e8hK:AEmOA9S80EHk
Malware Config
Extracted
redline
andre
77.91.124.49:19073
-
auth_value
8e5522dc6bdb7e288797bc46c2687b12
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 404-279-0x0000000000490000-0x00000000004C0000-memory.dmp
Files
-
404-279-0x0000000000490000-0x00000000004C0000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ