Behavioral task
behavioral1
Sample
0x000a000000014365-58.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
0x000a000000014365-58.exe
Resource
win10v2004-20230621-en
General
-
Target
0x000a000000014365-58.dat
-
Size
173KB
-
MD5
f13f64ae964a654035bddbbc3c25a2b7
-
SHA1
82de0ca6f8ddd5c9c8340773847270ce6c0c41cd
-
SHA256
6afed915967fee4ea0955776cf95d85d9b7309c37f1e9ca8ca921c55e04cf3d0
-
SHA512
852ad609e495537b39fe5938eb8b9e20f6e9f1a44cd34612693c1fa9d1e24df57bf4f9932f84f194a90db6f18fabf2bc3a307b31871ce3690702c98f1e5932de
-
SSDEEP
3072:HWKe1kiJtebRavRJxNv4nFkbgWoHn8e8hI:HWcUt1RZbgWoHn
Malware Config
Extracted
redline
duza
83.97.73.129:19071
-
auth_value
787a4e3bbc78fd525526de1098cb0621
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 0x000a000000014365-58.dat
Files
-
0x000a000000014365-58.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ