Behavioral task: behavioral1
Sample: c7ddf37636aace600910ae764f8eb50443c414bde9f0917b76ca27a4e863a733.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: c7ddf37636aace600910ae764f8eb50443c414bde9f0917b76ca27a4e863a733.exe
Resource: win10v2004-20240704-en
General
Target: c7ddf37636aace600910ae764f8eb50443c414bde9f0917b76ca27a4e863a733.exe
Size: 300KB
MD5: 803f1d34c882d37972a4b2bc59499dc2
SHA1: b7e7600ee7bc12257b9cd7b52af7007510adb64c
SHA256: c7ddf37636aace600910ae764f8eb50443c414bde9f0917b76ca27a4e863a733
SHA512: 015478db6340c438d250bdbc4e234ceca782b081fe42aeb0f73931ca76aed444b504d3e2cb221898a3e9798df2b64f0bc798b3c886fbc456cbb003c87a16906d
SSDEEP: 3072:+cZqf7D34Mp/0+mAQkygQAQEgTLB1fA0PuTVAtkxzt3RQeqiOL2bBOA:+cZqf7DI0nyzjB1fA0GTV8kPwL
Malware Config
Extracted
redline
VIP
173.195.100.68:1912
Signatures
RedLine payload (1 IoCs)
resource: sample, yara_rule: family_redline
Redline family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: c7ddf37636aace600910ae764f8eb50443c414bde9f0917b76ca27a4e863a733.exe
Files
c7ddf37636aace600910ae764f8eb50443c414bde9f0917b76ca27a4e863a733.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ