General
-
Target
Dump_At_2BE010_Size_176640.dump
-
Size
192KB
-
MD5
ce7a3aacc45f3680c95c86a9ef24d1b2
-
SHA1
1295963cff83dbc8dd9a2aca7cda5936675ea5e4
-
SHA256
7e5b242ff9ff4bb77bf20d7edf4c2a984d316f91b8d5ffa6035fe25b947f266d
-
SHA512
307ae8b40b8cbba01fddffcb549c6573fcfbc7ec38e5efe61f38c82c9c9169b3c607fb35bd957c491e5fd33892cb353ded6ade020d60273e4158948b93c246f4
-
SSDEEP
1536:lgKedNi036sv0W7TWKygyvHWlLRsBChShr1xNQlYQ/nbux+vlYroYl0GkRk8e8h4:lAIGPVd2CKr1xNHOVvWroYl38e8h4
Malware Config
Extracted
redline
1006
176.123.9.142:14845
-
auth_value
b5da80860b093905c2bba6f9377af704
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Dump_At_2BE010_Size_176640.dump
Files
-
Dump_At_2BE010_Size_176640.dump.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ