redline | 1764-106-0x0000000002070000-0x00000000020AC000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1764-106-0x0000000002070000-0x00000000020AC000-memory.dmp
Size

240KB
MD5

1858f4eebc0627ec316882845788ca5f
SHA1

4a15f079963cce51876cfb3168c4bdf489151289
SHA256

838dd27dce81bde2bc66c5b10ef7e5498fc4124d19d1cb7b27fe109d94d1e7d1
SHA512

ade0f7154371bc76935814222df25030777b6a51ec07c0dcf3d4c117377f1355372004a1093d0cb1b129ca33e181b4f31ad0483b3ba42dbc6674ca4b0a7f8465
SSDEEP

3072:qjq7LqedQX4ORi2SNsf744TmVfOEy5pqeEPhaToe/LpSVrhhvOMcBJh+SrF:qjqzc4PNa44TmVfOEy5pqXTrhdYJ

Score

10^/10

anubis13 redline

Malware Config

Extracted

Family

redline

Botnet

ANUBIS13

C2

185.215.113.217:25060

Attributes

auth_value
4df54404f211b2ab9f27688b8eb20b17

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1764-106-0x0000000002070000-0x00000000020AC000-memory.dmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ