Behavioral task
behavioral1
Sample
696883216f499659924d18a4cfd462eae5643fac4ff7167839e85df6b239c1c5.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
696883216f499659924d18a4cfd462eae5643fac4ff7167839e85df6b239c1c5.exe
Resource
win10v2004-20241007-en
General
-
Target
696883216f499659924d18a4cfd462eae5643fac4ff7167839e85df6b239c1c5
-
Size
192KB
-
MD5
0a4401a38f2ccaa815026c1e12c498e5
-
SHA1
9657d0a8297d97990c53871eb37c061c1eb89cdb
-
SHA256
696883216f499659924d18a4cfd462eae5643fac4ff7167839e85df6b239c1c5
-
SHA512
7661f96a993d78466c3941e335cb79a8b156277f0b52ea565947216992cd89f4b85e4f63ef6b47e424f5ee970482df1702f476e6b2252edf58d7f6f4fa7db2fd
-
SSDEEP
3072:WUUEa9Te3JQBf8td3/oxN1ULH0tyl8e8h4:N7QRyi1tyl
Malware Config
Signatures
-
RedLine payload 1 IoCs
resource yara_rule sample family_redline -
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 696883216f499659924d18a4cfd462eae5643fac4ff7167839e85df6b239c1c5
Files
-
696883216f499659924d18a4cfd462eae5643fac4ff7167839e85df6b239c1c5.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ