redline | 1876-153-0x0000000000860000-0x0000000000C24000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1876-153-0x0000000000860000-0x0000000000C24000-memory.dmp
Size

3.8MB
MD5

b1a3766f7095bd3bab69268fdb664a14
SHA1

4f86423eeb9d0af624a541cd7957ebbc4f23ff04
SHA256

4a1cf3cbb8db4f9674bf4cc243b8572431e264ce11f6c11e00ef5333ae1f3b5e
SHA512

4ed911dded6d5ac64091aa57daf306a3a1abee4f55d18807d63721e91e5301584c54789d980d3f210d7815283eeab756613eed2c4ea8f7af47889c88b860a8bd
SSDEEP

49152:aRM2l2YrPxEaT8Ic58/UdZ4WCAK6o7eFNHZ5:aRHl222vInM4WCAKeFNz

Score

10^/10

3.0.0.1 redline

Malware Config

Extracted

Family

redline

Botnet

3.0.0.1

C2

195.133.46.152:30098

Attributes

auth_value
b61fcbd1f87b475d1753fe6411f2847a

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1876-153-0x0000000000860000-0x0000000000C24000-memory.dmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.warsong
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ