redline | 788-318-0x0000000000F40000-0x0000000001277000-memory[.]dmp | Triage

Sharing

General

Target

788-318-0x0000000000F40000-0x0000000001277000-memory.dmp
Size

3.2MB
MD5

b1cdc4e1b3c3f0e2176c68906f37cf9b
SHA1

7b5c58936be53752f35ff2d60f610b7fb38dffff
SHA256

f29b6a224067827dd9ee643933b4375021306ec0fbdb2c96d3b1099c81f15bf3
SHA512

cf6cf7783539f818aaca5d6249765dac4f36683241bcfcad6e927ad448e251b80000bfa0716e3d4dbe718cd52f1a7a1a63ff4b2cc548ab1c873c4de6cc06cfe5
SSDEEP

24576:7+szVTIkKC0p8qZsWq24tityGjvd5cNud1XRaeOx:a6tIt8qZsWq2hBJ5JdC

Score

10^/10

newall redline

Malware Config

Extracted

Family

redline

Botnet

newall

C2

deyneyab.xyz:80

Attributes

auth_value
25db96cfa370a37f57d1a769f3900122

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

788-318-0x0000000000F40000-0x0000000001277000-memory.dmp
.exe windows x86

1233a5bfd88ee77f09352b3862080d2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

OffsetRect

advapi32

RegOpenKeyExA

shell32

ShellAboutA

comctl32

ImageList_Draw

mscoree

_CorExeMain

Sections

.tls
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 982KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ