redline | LEM[.]exe | Triage

Sharing

General

Target

LEM.exe
Size

356KB
MD5

dc41a996f5f11fe1599529446f3d494a
SHA1

2f004dcb961b6e6d7acb5895bc60d4190af1e893
SHA256

bf7cd1d54f9cb0b991103e95ece6da246b8716d9b58665034f71e6f365d4f45d
SHA512

72a97f40f42b9af45569cd7bb62d65e72e8edbd9620969dd668e36370e0a20ada793714e103c34688b6738a494f02c5419fc1a7f0ee915a1ccb360e680c9340d
SSDEEP

6144:VsONJKkwf4s94l1/7eOYLPqX/dpx0g6Q1+qtD+5oiDb5KMsvE:+aQBQ44jeOYLPqX1IbQ1btgVMvE

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LEM.exe

Files

LEM.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ