Behavioral task
behavioral1
Sample
2152-83-0x0000000000320000-0x0000000000350000-memory.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2152-83-0x0000000000320000-0x0000000000350000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
2152-83-0x0000000000320000-0x0000000000350000-memory.dmp
-
Size
192KB
-
MD5
cbd9b55f7970561fc80e70df4fc7a91e
-
SHA1
28eb4d162a5d50c2d47e0ea0c5d8d5aac677c14d
-
SHA256
71ed91d0141369409694c9abf795e72f21592bc828e7fa062cdb5501ea138982
-
SHA512
e8823186919e806a81ed207cdf13fea7ce987ccbe60b63b0afbca67ae5edc792b9d0ba7caf120250e5176f1d08c9bfa7f21fb9f706d8fb245f99255a9de4f5e1
-
SSDEEP
3072:4tE62xyQ6d+VeXdxNLgVK880EHt8e8hK:oEmOA9S80EHt
Malware Config
Extracted
redline
andre
77.91.124.49:19073
-
auth_value
8e5522dc6bdb7e288797bc46c2687b12
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2152-83-0x0000000000320000-0x0000000000350000-memory.dmp
Files
-
2152-83-0x0000000000320000-0x0000000000350000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ