Behavioral task
behavioral1
Sample
748-116-0x0000000000300000-0x0000000000330000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
748-116-0x0000000000300000-0x0000000000330000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
748-116-0x0000000000300000-0x0000000000330000-memory.dmp
-
Size
192KB
-
MD5
177b3c524bec76abff3ce8b63840ed12
-
SHA1
41c85b5fa10a44f6563670a976dd3da4a2284916
-
SHA256
3bf76b6159e1b85a3d1e525089faa836632098d021355bd3593cc742b7a91e98
-
SHA512
fd084adfa3cd05e342f7953782ba337bd74f14aa13fb0f7c5201cf9a1a50b0565742c58f69b242d34c4d6cef68c00ea8e7a642da52b963ae32267fe0cb935380
-
SSDEEP
1536:OlBA36sv0W7T1sjvrHzbNSISuiiB0J57TNyQGxNXLYQLrbuLh8yrEHVF+0GkR58U:OrqCnNsZWSZ5GxN8yi8yIHVF+a8e8hO
Malware Config
Extracted
redline
masha
77.91.68.48:19071
-
auth_value
55b9b39a0dae383196a4b8d79e5bb805
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 748-116-0x0000000000300000-0x0000000000330000-memory.dmp
Files
-
748-116-0x0000000000300000-0x0000000000330000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ