Behavioral task
behavioral1
Sample
2796-32-0x0000000000400000-0x00000000004EE000-memory.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2796-32-0x0000000000400000-0x00000000004EE000-memory.exe
Resource
win10v2004-20231222-en
General
-
Target
2796-32-0x0000000000400000-0x00000000004EE000-memory.dmp
-
Size
952KB
-
MD5
791cb72e41101d635d0d066dac5eba01
-
SHA1
5106f2ff215342bd8cb95571e2c3753bd1fe1eb9
-
SHA256
7d82f1be9da8d3490729b07d9aadd3804d8a2f074c7d29b92926196154ce90c5
-
SHA512
e98efa7d1394611ed67fa887387ba6b8c2597266c988136e8b4374aed528ee4432beb40e1e53182c0ed284b1f44073493e526c72644f60451f565ffbf6386f9e
-
SSDEEP
12288:5VzGZ8LS5oZEAcHtMsW8giPv2WzTsgbt/YlyveHlso3nzKClq7gLT:5Vzc8LoZAcGs3Pv2IThRmHlsIjd
Malware Config
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2796-32-0x0000000000400000-0x00000000004EE000-memory.dmp
Files
-
2796-32-0x0000000000400000-0x00000000004EE000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 161KB - Virtual size: 160KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.cSs Size: 694KB - Virtual size: 693KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ