Behavioral task
behavioral1
Sample
4ec954a99f48c425d2cd2582ff749773897e32cadf1df3793c26e09254990bcc.exe
Resource
win10v2004-20240412-en
General
Target: 4ec954a99f48c425d2cd2582ff749773897e32cadf1df3793c26e09254990bcc
Size: 305KB
MD5: b406bf34d83d6edd352141ff0cbd3f77
SHA1: f9a0e8c1dfcda6bfcf7fa8bf7f29d8ff21884412
SHA256: 4ec954a99f48c425d2cd2582ff749773897e32cadf1df3793c26e09254990bcc
SHA512: 9e67354e1c34b6bd300d7af58d5441e14c29442c9d1e928ec60d2e430ce8832d2df44b19853f9d32d65bddc1d7a7d64e3fad144d9e4beb7a6f62c40949b80974
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Signatures
RedLine payload (1 IoCs)
Processes: resource = sample, yara_rule = family_redline
Redline family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes: resource = 4ec954a99f48c425d2cd2582ff749773897e32cadf1df3793c26e09254990bcc
Files
-
4ec954a99f48c425d2cd2582ff749773897e32cadf1df3793c26e09254990bcc.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text  Size: 187KB - Virtual size: 186KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc  Size: 115KB - Virtual size: 114KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ