Behavioral task
behavioral1
Sample
3024-41-0x0000000000DA0000-0x0000000001174000-memory.exe
Resource
win7-20240221-en
General
-
Target
3024-41-0x0000000000DA0000-0x0000000001174000-memory.dmp
-
Size
3.8MB
-
MD5
6b71fdd8f1f9038328a59a3add0d2ef1
-
SHA1
44332545b7142fb020553dc8d6e01d6bdf5be4fc
-
SHA256
3c87b34647d231b32d8857ecf8878b402990014931cc2c44596a1a00793e8662
-
SHA512
6e3478c75a90016985959cdedb76af1618f521c3c52da9b23890fccde65591dfb7880c182f426edc0cb4dc86ae3856d1affa6d4ae7c60381eb284a51442f60cb
-
SSDEEP
98304:a0P6oiUwKDrZIgCyILFGjPtHIaH83kT1:a0lIBtFq1H78E
Malware Config
Extracted
redline
bild1
193.233.132.169:37732
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 3024-41-0x0000000000DA0000-0x0000000001174000-memory.dmp
Files
-
3024-41-0x0000000000DA0000-0x0000000001174000-memory.dmp.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
Size: 192KB - Virtual size: 192KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 912KB - Virtual size: 912KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ