Behavioral task: behavioral1
Sample: 0d2ad7f78d6bdf3b3156d33994d4d3dda98010d99b7ad0a8be0f10328715b538.exe
Resource: win10v2004-20240412-en
General
Target: 0d2ad7f78d6bdf3b3156d33994d4d3dda98010d99b7ad0a8be0f10328715b538
Size: 304KB
MD5: 41a5b2dc66d77b7699a4a91f4e119f15
SHA1: 9ae487edcc7a581df4f91950b1c218287860ed8a
SHA256: 0d2ad7f78d6bdf3b3156d33994d4d3dda98010d99b7ad0a8be0f10328715b538
SHA512: 06be92c8a2197ead057858125fb95a11a21e2dd6f3dc8044eaafffc04f2bdf2106b84c829955c50787e2f407a62248ac4ebb3128b4e93559c67d1c76da822761
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Signatures
RedLine payload (1 IoCs)
resource: sample, yara_rule: family_redline
Redline family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 0d2ad7f78d6bdf3b3156d33994d4d3dda98010d99b7ad0a8be0f10328715b538
Files
0d2ad7f78d6bdf3b3156d33994d4d3dda98010d99b7ad0a8be0f10328715b538.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ