redline | 4844-223-0x0000000004D50000-0x0000000004D8E000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4844-223-0x0000000004D50000-0x0000000004D8E000-memory.dmp
Size

248KB
MD5

3d80db545bd50647195b5dd429ac7864
SHA1

c3cd9674b310cb11becb53784746009deeab1fca
SHA256

ed7e499f69ed0e6f605cc2dca2dbbb07687cf17406907a8d3f3ed29490fc19c6
SHA512

f35558bd3aec73e9218c222e538bc4e4b56077bd8dc2fae28fa3edeee28b13606586152769a85f4f747bf3bf5326b7a37778cc6022cda5981248e86500710ece
SSDEEP

3072:WrjqzL6eNQ4aTRnolhNX8HYf1Q7nHpOOgA5w/ZA3NaPZNoe/h68XhQPOGQMDQfgt:+jqrbailhNxQjpONXheDQ

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

4844-223-0x0000000004D50000-0x0000000004D8E000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ