Behavioral task
behavioral1
Sample
753fbc1dfa05d6007c5dfa534a7d019cbb24d07224b67ae9d48c9772039c63cd.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
753fbc1dfa05d6007c5dfa534a7d019cbb24d07224b67ae9d48c9772039c63cd.exe
Resource
win10v2004-20230703-en
General
-
Target
RedLineStealer.zip
-
Size
2.2MB
-
MD5
23e576cf3374a423b059a59bdaee70ec
-
SHA1
00e059bbb45fb3db60b9e053120c14cd26cc6e76
-
SHA256
f21acb874360a1bf19ca35523d521c765a85cee57ef3992032bcb0d5743888e7
-
SHA512
a2dc1e596ab199b44d907ddf61affdf7631983edf7103e85a3a91aa793515608277c3350024e7e3c078f1f5abdcf58d7337d92dc1948c69103d974e01a2f6a6c
-
SSDEEP
49152:FgRl7NbO4FM6P+jRn48HKnDq1Uztw6Y/bRmAcL:SX7NbnFM62jp48HEe2zttsbR6
Malware Config
Signatures
-
resource yara_rule static1/unpack001/753fbc1dfa05d6007c5dfa534a7d019cbb24d07224b67ae9d48c9772039c63cd.exe themida
Files
-
RedLineStealer.zip.zip
Password: infected
-
753fbc1dfa05d6007c5dfa534a7d019cbb24d07224b67ae9d48c9772039c63cd.exe.exe windows x86
Code Sign
41:c8:b2:03:d6:ee:1e:b3:47:e5:ac:c5:1b:49:ea:d0Certificate
IssuerCN=True Wireless Philips TAT2206BK/00 BlackNot Before14-07-2023 10:26Not After15-07-2033 10:26SubjectCN=True Wireless Philips TAT2206BK/00 Black39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before03-05-2023 00:00Not After02-08-2034 23:59SubjectCN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02-05-2019 00:00Not After18-01-2038 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
df:b1:4f:eb:39:9a:0b:88:4a:71:8d:ac:d9:c6:64:ba:65:28:40:42:0d:95:68:17:23:86:eb:24:2c:a9:ce:5fSigner
Actual PE Digestdf:b1:4f:eb:39:9a:0b:88:4a:71:8d:ac:d9:c6:64:ba:65:28:40:42:0d:95:68:17:23:86:eb:24:2c:a9:ce:5fDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 331KB - Virtual size: 392KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 123KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ