Behavioral task
behavioral1
Sample
fcc616ecbe31fadf9c30a9baedde66d2ce7ff10c369979fe9c4f8c5f1bff3fc2.exe
Resource
win7-20240903-en
General
-
Target
f0aaf1b673a9316c4b899ccc4e12d33e.bin
-
Size
116KB
-
MD5
5d94283b7257081ee6bf187703d4c970
-
SHA1
4bf045392a4d9ea30efd89d90d415f1a2cbce698
-
SHA256
78a6286951ae1ea0425e2726eb61c6fdaff91731a25c826cc5167f4b2f2eefa1
-
SHA512
4f3853dff3d311b5361e17c8a95a9db3c6c14fae8b6344830e1111c9c6819739fa528878b87bf1cd4060ca898f637d9b8d7bd23840d5f28d587927438ede484c
-
SSDEEP
3072:2HV+nkF0cho46FZj28vPvHlLrNTRd4Lqt2f/el1CLs:GV+A0cp8wMvVXdtt2f/CwA
Malware Config
Extracted
redline
fvcxcx
185.81.68.147:1912
Signatures
-
RedLine payload 1 IoCs
resource yara_rule static1/unpack001/fcc616ecbe31fadf9c30a9baedde66d2ce7ff10c369979fe9c4f8c5f1bff3fc2.exe family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/fcc616ecbe31fadf9c30a9baedde66d2ce7ff10c369979fe9c4f8c5f1bff3fc2.exe
Files
-
f0aaf1b673a9316c4b899ccc4e12d33e.bin.zip
Password: infected
-
fcc616ecbe31fadf9c30a9baedde66d2ce7ff10c369979fe9c4f8c5f1bff3fc2.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ