Behavioral task
behavioral1
Sample
3a698482dd9203582a5d49390ea27624be7cf93a3b56dddd35e18d4373a4398c.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
3a698482dd9203582a5d49390ea27624be7cf93a3b56dddd35e18d4373a4398c.exe
Resource
win10v2004-20241007-en
General
-
Target
e019713eec3151eb60cb193a91a0cd38ea9c13e68cda9cfb8c4113b6086c457a
-
Size
64KB
-
MD5
5aa4985cbc8e90da3d48041588d8ab00
-
SHA1
781b62072d7b5405426a994a85f35a6e477db3f4
-
SHA256
e019713eec3151eb60cb193a91a0cd38ea9c13e68cda9cfb8c4113b6086c457a
-
SHA512
547a7c1f1f5e41de8ef0fdd2a916bfdbd066ae8d25c0bb3c8fb2d0bf0e6168963e8360357f84c0a0fc7f317334edc84b1cda0cabfb07050e5cbcfb0eee90e78a
-
SSDEEP
1536:u1FnjlwawwI++aCbEd39ibD4knoxdnekJbzu9B6O41fIcfsQ:u1FjSawtRasm8v4PvekJba9B6bxSQ
Malware Config
Extracted
redline
mufos
217.196.96.102:4132
-
auth_value
136f202e6569ad5815c34377858a255c
Signatures
-
RedLine payload 1 IoCs
resource yara_rule static1/unpack001/3a698482dd9203582a5d49390ea27624be7cf93a3b56dddd35e18d4373a4398c family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/3a698482dd9203582a5d49390ea27624be7cf93a3b56dddd35e18d4373a4398c
Files
-
e019713eec3151eb60cb193a91a0cd38ea9c13e68cda9cfb8c4113b6086c457a.zip
Password: infected
-
3a698482dd9203582a5d49390ea27624be7cf93a3b56dddd35e18d4373a4398c.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ