Behavioral task: behavioral1
Sample: 5fd8ae7c3a0882f6d183aab0c00c3f1d29fc5cffd3746aa26e4a3be9036b5f53.exe
Resource: win10v2004-20240412-en
Behavioral task: behavioral2
Sample: 5fd8ae7c3a0882f6d183aab0c00c3f1d29fc5cffd3746aa26e4a3be9036b5f53.exe
Resource: win11-20240412-en
General
Target: 5fd8ae7c3a0882f6d183aab0c00c3f1d29fc5cffd3746aa26e4a3be9036b5f53
Size: 306KB
MD5: de6d1c8f8606beb14614f6ee6746286b
SHA1: 86d93b5c96e831bc164b6b3d5c3b45d6ced1da15
SHA256: 5fd8ae7c3a0882f6d183aab0c00c3f1d29fc5cffd3746aa26e4a3be9036b5f53
SHA512: 53ef71f69ec4c5a872625538c528737fa53c80cd9ecaae07a4a47bd21794ab76873ab0daa5b59911265c2798952467c8221bec11df904150fe41c92a0ed0b74c
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Signatures
RedLine payload 1 IoCs
Processes:
resource yara_rule
sample family_redline
Redline family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource
5fd8ae7c3a0882f6d183aab0c00c3f1d29fc5cffd3746aa26e4a3be9036b5f53
Files
5fd8ae7c3a0882f6d183aab0c00c3f1d29fc5cffd3746aa26e4a3be9036b5f53.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ