Behavioral task behavioral1
  Sample: 3052-6-0x00000000000F0000-0x0000000000142000-memory.exe
  Resource: win7-20231129-en
Behavioral task behavioral2
  Sample: 3052-6-0x00000000000F0000-0x0000000000142000-memory.exe
  Resource: win10v2004-20240508-en
General
  Target: 3052-6-0x00000000000F0000-0x0000000000142000-memory.dmp
  Size: 328KB (the region 0xF0000-0x142000 named in the dump is 0x52000 bytes)
  MD5: 5bcc03bd845f1105d38765a4ec9a140a
  SHA1: 64c8031d91f14bcca682409edca530f38acfdb1b
  SHA256: f39de1c1de7966b5aac42355db2bbea6d356c6d4e279d5e58d23675d988db34f
  SHA512: 776d52bb85dffe40350525a32c9ffde011f9d72e567095e38775aeadb7fe03d7e87818804de7a091b4ea2cb3f03d3762686c85a617d80c546b6994717798dd5e
  SSDEEP: 3072:72+Lb3YMQ4SvxLMb8gOlN2Z2S8rdNdAXVDnHLtxdhQAgkVMRqT6Dv/YdeqiOL2br:q2b8gOQ2PBjAl3txdyAXVMRqT6D4nL
Malware Config
  Extracted: redline
  Botnet: PShebro
  C2: 185.172.128.33:38294
Signatures
  RedLine payload (1 IoC)
    resource: sample, matched by yara_rule family_redline
  Redline family
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature (empty certificate-table data directory). Expected for a memory dump, so on its own it is a weak indicator.
    resource: 3052-6-0x00000000000F0000-0x0000000000142000-memory.dmp
Files
  3052-6-0x00000000000F0000-0x0000000000142000-memory.dmp.exe
    PE type: windows:4 (OS version 4.0), subsystem: windows, arch: x86
  Headers
    DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
  Sections
    .text   raw size 184KB, virtual size 184KB: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rsrc   raw size 114KB, virtual size 114KB: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc  raw size 512B (one file-alignment unit), virtual size 12B: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
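The two header facts the report leans on, the IMAGE_DLLCHARACTERISTICS_* bits and the empty Authenticode (security) directory behind the "Unsigned PE" signature, can be checked on any dump with a few lines of standard-library Python. The block below is an added example and is not part of the report or of Triage's own tooling; the names region_size, parse_pe and build_minimal_pe are this example's, and the test input is a constructed header-only PE, not the sample above. It also decodes the IMAGE_FILE_* bits and derives the dump size from the region name, which the report gives only as a rounded 328KB.

```python
"""PE header triage: decode DLL characteristics and test for an Authenticode blob.

Added example, not part of the sandbox report or of any Triage tooling. It
re-implements two of the checks summarised above with only the standard
library: decoding IMAGE_DLLCHARACTERISTICS_* bits from the optional header and
reading the security (certificate table) data directory, whose size being zero
is what an "Unsigned PE / missing Authenticode signature" verdict rests on.
"""
import struct

# Bit values from winnt.h (IMAGE_DLLCHARACTERISTICS_*).
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH",
    0x0800: "NO_BIND", 0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
# Bit values from winnt.h (IMAGE_FILE_*), limited to the ones the report lists plus DLL.
FILE_CHARACTERISTICS = {
    0x0002: "EXECUTABLE_IMAGE", 0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED", 0x0100: "32BIT_MACHINE", 0x2000: "DLL",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def region_size(dump_name: str) -> int:
    """Bytes in a dumped region named like '<pid>-<n>-0x<start>-0x<end>-memory.dmp'."""
    _pid, _n, start, end = dump_name.split("-")[:4]
    return int(end, 16) - int(start, 16)


def parse_pe(data: bytes) -> dict:
    """Parse the COFF and optional headers; raises ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _sym, _nsym, _opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32
        n_off, dd_off = 92, 96
    elif magic == 0x20B:        # PE32+; DllCharacteristics sits at the same offset (70)
        n_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%04x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, opt + n_off)[0]
    cert_off = cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory this entry holds a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "sections": nsections,
        "file_flags": [n for b, n in sorted(FILE_CHARACTERISTICS.items()) if file_chars & b],
        "dll_characteristics": dll_chars,
        "dll_flags": [n for b, n in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & b],
        "has_authenticode": cert_size != 0,   # presence of a blob, not validity
        "cert_table": (cert_off, cert_size),
    }


def build_minimal_pe(dll_chars: int, cert_size: int = 0, pe32plus: bool = False) -> bytes:
    """Constructed, non-loadable header-only PE used as offline test input."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    opt_size = 240 if pe32plus else 224
    # Characteristics 0x010E = EXECUTABLE_IMAGE | LINE_NUMS_STRIPPED | LOCAL_SYMS_STRIPPED | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 3, 0, 0, 0, opt_size, 0x010E)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    n_off, dd_off = (108, 112) if pe32plus else (92, 96)
    struct.pack_into("<I", opt, n_off, 16)
    struct.pack_into("<II", opt, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if cert_size else 0, cert_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Flags from the report: DYNAMIC_BASE | NX_COMPAT | NO_SEH | TERMINAL_SERVER_AWARE = 0x8540
    info = parse_pe(build_minimal_pe(0x8540))
    print(info["dll_flags"], info["file_flags"], "signed:", info["has_authenticode"])
    print(region_size("3052-6-0x00000000000F0000-0x0000000000142000-memory.dmp") // 1024, "KB")
```

Two caveats when reading the result against a dump like this one. A non-zero certificate table only proves a signature blob is present, not that it verifies; validity needs a real Authenticode check (for example signtool or the WinVerifyTrust API on Windows). And a region dumped from process memory is laid out by SectionAlignment rather than FileAlignment and has no appended certificate data even if the on-disk file was signed, so "Unsigned PE" is the expected outcome for any memory.dmp and says nothing about the dropper that unpacked it.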