Behavioral task: behavioral1
Sample: 449173be2826409ff4173ee21ca1c48408052cdbc6eadd13b94e370c6f9f0a34.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 449173be2826409ff4173ee21ca1c48408052cdbc6eadd13b94e370c6f9f0a34.exe
Resource: win10v2004-20240709-en
General
Target: 449173be2826409ff4173ee21ca1c48408052cdbc6eadd13b94e370c6f9f0a34
Size: 300KB
MD5: 331593ed92a76839f0ade7d43e4ff275
SHA1: 916c6eebbf8709a79e7455ef34b1764f6363af2a
SHA256: 449173be2826409ff4173ee21ca1c48408052cdbc6eadd13b94e370c6f9f0a34
SHA512: 4e86bc0069b7acacaf328afca02e3c88b2b55a49916767756d08003cb03a31e451ac6cb1f72df5daca4e330142bc059f77103e78b924759989bc00e20ff07f19
SSDEEP: 3072:2cZqf7D340p/0+mAikyIeEQYgMaB1fA0PuTVAtkxzz3RoeqiOL2bBOA:2cZqf7DIMnGfzB1fA0GTV8kVoL
Malware Config
Extracted
redline
NOTHING
strategy-surfing.gl.at.ply.gg:24695
Signatures
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 449173be2826409ff4173ee21ca1c48408052cdbc6eadd13b94e370c6f9f0a34
Files
449173be2826409ff4173ee21ca1c48408052cdbc6eadd13b94e370c6f9f0a34.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ