Behavioral task
behavioral1
Sample
5700-1108-0x0000000000400000-0x0000000000449000-memory.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
5700-1108-0x0000000000400000-0x0000000000449000-memory.exe
Resource
win10v2004-20231025-en
General
-
Target
5700-1108-0x0000000000400000-0x0000000000449000-memory.dmp
-
Size
292KB
-
MD5
f4f3581a5a81f6e40bbd52f14d3ed4c4
-
SHA1
f35ccabf09a1f11af7b86eb49b809cc71ceb3593
-
SHA256
b6c1f0b3f4d0d579848b801d15e6e55b7cd53117e8c1a87759497faa4abf8dd2
-
SHA512
46552c768d10694551e589138f88c94f9390ce111746fc758cdae89de5054b66c52663996ba60e4e96c286d784ffbc12105b9b0efa639d505e02903d47c4ec11
-
SSDEEP
3072:575r/6wQrcAyng4InXNgcy9Wy3aPGcntCTt/qhGFlvDYLXZiTtzrD:57N/6ag/XNgcWr3aPu/5FlvDYLpqtL
Malware Config
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5700-1108-0x0000000000400000-0x0000000000449000-memory.dmp
Files
-
5700-1108-0x0000000000400000-0x0000000000449000-memory.dmp.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 225KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE