Behavioral task: behavioral1
Sample: 320-7-0x0000000000A80000-0x0000000000AFE953-memory.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 320-7-0x0000000000A80000-0x0000000000AFE953-memory.exe
Resource: win10v2004-20240226-en
General
Target: 320-7-0x0000000000A80000-0x0000000000AFE953-memory.dmp
Size: 506KB
MD5: 751d54f21cb102b6a02a027d76cc4646
SHA1: d26d0ccba4cacac35c693fcf66ce088b223ed7c7
SHA256: c48837dbad984671514e8896124976161f097c0e80aa0d080aaa6acac5f8eeda
SHA512: 2428421d840eeb65a63044579ef8ea3cf540cf4268f904ed60a5360f72aace2794f5be788dbb2d98042eae18c38d1d9331eac22a65d76a15efd1624153468a8b
SSDEEP: 6144:KTQeUVQFeI1zQ/k8A5FqY6iFawP4A1X3TAkA6xkcZqf7DInLddPip:beAQFzrJawPb1X3A6xkcUzsn7Pip
Malware Config
Signatures
RedLine payload: 1 IoCs
resource: sample, yara_rule: family_redline
Redline family
Unsigned PE: 1 IoCs
Checks for missing Authenticode signature.
resource: 320-7-0x0000000000A80000-0x0000000000AFE953-memory.dmp
Files
320-7-0x0000000000A80000-0x0000000000AFE953-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 134KB - Virtual size: 134KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.Right Size: 305KB - Virtual size: 305KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 8KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE