Behavioral task: behavioral1
Sample: 99196-158-0x00000000011A0000-0x00000000011C2000-memory.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 99196-158-0x00000000011A0000-0x00000000011C2000-memory.exe
Resource: win10v2004-20220812-en
General
Target: 99196-158-0x00000000011A0000-0x00000000011C2000-memory.dmp
Size: 136KB
MD5: b03eec16e56cc3a768c7cfe785aa49ea
SHA1: 65fa6ee3464907b26c91b3124d7809f5f589564f
SHA256: faa5a9c14388f9dfc60ebfb1d09a575b9ee8524fdda5c04668bba9bde9e33490
SHA512: 84568b6c67080b075589b2afab8e7df146d39434dc8b4b7b4397b31f72a608cff0a0503d6227f8d5c9427081e1d8db7819c36e6404ae3906916b6f773c3d69fd
SSDEEP: 3072:8YO/ZMTFF5Q9572bpaUKyBRV9DFtyRPIh0SS0:8YMZMBF5Q9kFaUKyB5KpIhj
Malware Config
Signatures
RedLine payload 1 IoCs
resource yara_rule sample family_redline
Redline family
Files
99196-158-0x00000000011A0000-0x00000000011C2000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ