Behavioral task
behavioral1
Sample
092b5ca5621b2a04c93f3127c2cccb75bf26f5b314dac20c9cfc78336cfb49f4N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
092b5ca5621b2a04c93f3127c2cccb75bf26f5b314dac20c9cfc78336cfb49f4N.exe
Resource
win10v2004-20241007-en
General
-
Target
092b5ca5621b2a04c93f3127c2cccb75bf26f5b314dac20c9cfc78336cfb49f4N
-
Size
176KB
-
MD5
fa80bde05bc7a3d6557d3cbc1233e4f0
-
SHA1
b029397629503203fc9816d248860a4254f0cb66
-
SHA256
092b5ca5621b2a04c93f3127c2cccb75bf26f5b314dac20c9cfc78336cfb49f4
-
SHA512
8c9e31e2e52980f303caa61cc7876a8ffbd561fd7dbfd34bacfdbc1196d4adbdb4e71a5495d244a5d5f54cdc37ff9811dbe2ea57ae6dd814a14b430c299892ff
-
SSDEEP
3072:pxqZWzvagwoMR3I58ZlHeR5FthXfxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOb:bqZVY8qth
Malware Config
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Signatures
-
RedLine payload 1 IoCs
Processes:
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 092b5ca5621b2a04c93f3127c2cccb75bf26f5b314dac20c9cfc78336cfb49f4N
Files
-
092b5ca5621b2a04c93f3127c2cccb75bf26f5b314dac20c9cfc78336cfb49f4N.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ