Behavioral task
behavioral1
Sample
cf6077ccea9ed7a0f38bc72c5dad04eb98177df932b43b82680c294b0d201df0.exe
Resource
win7-20240221-en
General
Target: cf6077ccea9ed7a0f38bc72c5dad04eb98177df932b43b82680c294b0d201df0
Size: 102KB
MD5: 2ff7be0edaa586b1f524a26679298edf
SHA1: 6aefff158d56c3405ac8624b7e7c9c83a5b5e420
SHA256: cf6077ccea9ed7a0f38bc72c5dad04eb98177df932b43b82680c294b0d201df0
SHA512: 84375f46773af2a82b808f8dcc19f965e25e2dafe899a9e129771a1e8ac70a3d4e5d19bd44db73afc45582d552355b728262631cd7dd4e85a170ffdfdf96ef2b
SSDEEP: 1536:L0DGkCrBG2IRALcZE3AlB0GFNOEeOSCc+smfspdBbuTxcrCvsrLC:L2CrBGcDARrOEeOGjZrGvOG
Malware Config
Extracted
Family: redline
C2: 193.106.191.253:4752
auth_value: 906ed61b62688f5c2978ccc097ad1c57
Signatures
RedLine payload (1 IoC)
Processes:
resource: sample; yara_rule: family_redline
Redline family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource: cf6077ccea9ed7a0f38bc72c5dad04eb98177df932b43b82680c294b0d201df0
Files
cf6077ccea9ed7a0f38bc72c5dad04eb98177df932b43b82680c294b0d201df0.exe (windows:4, windows, x86, arch:x86)
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 99KB, Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB, Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B, Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ