Behavioral task
behavioral1
Sample
5adac427a6eff8b0c1674c6095e2719d5ee46945fd4e397384af02b8ec691045.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
5adac427a6eff8b0c1674c6095e2719d5ee46945fd4e397384af02b8ec691045.exe
Resource
win10v2004-20241007-en
General
Target
5adac427a6eff8b0c1674c6095e2719d5ee46945fd4e397384af02b8ec691045.exe
Size
304KB
MD5
44e17821665477b21d6c50cee97c84ef
SHA1
4fc146790747758f49f1fd4375144f000099a6cb
SHA256
5adac427a6eff8b0c1674c6095e2719d5ee46945fd4e397384af02b8ec691045
SHA512
ab98a8151b41b56d7e59c375541c366df2f83c01ee26a5d1f079f74fb69eac4d229df62d3900eb8db6fd8cae1e420c21b7b9b2b3a44a8b135cb6659b6b70b6dc
SSDEEP
3072:0q6EgY6iIrUjatQcwPBgGzXnuTAmthSKMFcZqf7D34teqiOLibBOP:fqY6iwwPZDnuTACh+FcZqf7DIXL
Malware Config
Extracted
redline
38.180.109.140:20007
Signatures
RedLine payload 1 IoCs
resource yara_rule sample family_redline
Redline family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5adac427a6eff8b0c1674c6095e2719d5ee46945fd4e397384af02b8ec691045.exe
Files
5adac427a6eff8b0c1674c6095e2719d5ee46945fd4e397384af02b8ec691045.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ