Behavioral task: behavioral1
Sample: 892bc0522d89dc7a1499b770b8a989a9.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: 892bc0522d89dc7a1499b770b8a989a9.exe
Resource: win10v2004-20231025-en
General
Target: 892bc0522d89dc7a1499b770b8a989a9.bin
Size: 248KB
MD5: 892bc0522d89dc7a1499b770b8a989a9
SHA1: bedc1d716c85ed3e1ee42b32b59d2981bd8d045f
SHA256: 12269b71ff1381d86003ea65696070bd230b298ee6b18494db5a50e0ac9e7d08
SHA512: 15a2b0bef8836f1fbc2e24bd7226ccff2c3f4cc1eac75c25b52ae005712b8b0709294f82aa9746ceeec80c67dab7befffb9c8e889749848a3bc46469bda781be
SSDEEP: 6144:l1berfGNgciYnARV+VtfBz/6mST32xLD2j:3eTGNgciY/fNe2xLD2j
Malware Config
Signatures
RedLine payload: 1 IoCs
resource: sample, yara_rule: family_redline
Redline family
Unsigned PE: 1 IoCs
Checks for missing Authenticode signature.
resource: 892bc0522d89dc7a1499b770b8a989a9.bin
Files
892bc0522d89dc7a1499b770b8a989a9.bin.exe windows:4 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ