Behavioral task
behavioral1
Sample
27d355414843c733ab544b22f0b47b91a44d811d773ac5e93936fb4890ca020d.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
27d355414843c733ab544b22f0b47b91a44d811d773ac5e93936fb4890ca020d.exe
Resource
win11-20240412-en
General
-
Target
27d355414843c733ab544b22f0b47b91a44d811d773ac5e93936fb4890ca020d
-
Size
306KB
-
MD5
12b6d7ac92d3766d238212b9b2e41a23
-
SHA1
aae8ddffd81c9d7b663dbe4e4d6c4efc5a749b68
-
SHA256
27d355414843c733ab544b22f0b47b91a44d811d773ac5e93936fb4890ca020d
-
SHA512
f37af19ed10eb18a5c6d1dbbd6f446b3383e06be2bba0ffaf766546473148ff5b8a06c1c2cd3e3d269d7c4045e84fe50d6575efb64104ef361b9526ce15c9b7e
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 27d355414843c733ab544b22f0b47b91a44d811d773ac5e93936fb4890ca020d
Files
-
27d355414843c733ab544b22f0b47b91a44d811d773ac5e93936fb4890ca020d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ