Behavioral task
behavioral1
Sample
Radiogram.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Radiogram.exe
Resource
win10-20240404-en
General
-
Target
Radiogram.exe
-
Size
109KB
-
MD5
5d320d4f2e1bb3153392a5b2c78f0b67
-
SHA1
9df777a1ba6eec52666389f874db9d2bb0c65d18
-
SHA256
617ae2cedb4ba05377589c60efcd1ab10df42f8327229935e6ff6a8d7887ac27
-
SHA512
b32698ad92844d25130f16f6fa0095a50a02017013e1a0f185ed1f1a2e9eaf8cbe7d1f3f226f59ca02bd44e219611a4e647b9da2893a7f81b382533a74b5c820
-
SSDEEP
1536:LAbbDr5JdAmS4lZyNVxCuCk+q6wN4c3oJQpZ6FSnH8Nby+xXm8lMg8HI6T:L87k+q6wN8oaYmyoWv7o6T
Malware Config
Extracted
redline
6077866846
https://pastebin.com/raw/KE5Mft0T
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Radiogram.exe
Files
-
Radiogram.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ