redline | 560-75-0x0000000002080000-0x00000000020BC000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

560-75-0x0000000002080000-0x00000000020BC000-memory.dmp
Size

240KB
MD5

27f83e83e07f2bee898a778fd00fbc20
SHA1

4e9bb09e3e292ad9f7b043a4697bfac0211a35ba
SHA256

1910fd93999b10d7e141f3227d1f6dac4133ec612e7bb45bce88638ddd55a0d7
SHA512

d920de2add4df36a0a17e13f9d9bd552a77deffe44a3855794f55a6053fed0011cb59122b79227734214c524f138f1dc2b297755814a68b8d15e9fab8d1b9b30
SSDEEP

3072:8jqbLaetQ8suR+vcOJiktPtevdcsngU5Eoe/TGt74Nhv/ONQzfZtzt:8jqz3sFVcGtUdcsZ5j6NhzDZ

Score

10^/10

quarilymmitn.xyz redline

Malware Config

Extracted

Family

redline

Botnet

quarilymmitn.xyz

C2

80.66.87.50:49099

Attributes

auth_value
f88427f0e1cb5da041f5d6d2c6bc3670

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

560-75-0x0000000002080000-0x00000000020BC000-memory.dmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ