redline | 1768-54-0x00000000047A0000-0x00000000047E2000-memory[.]dmp | Triage

Sharing

General

Target

1768-54-0x00000000047A0000-0x00000000047E2000-memory.dmp
Size

264KB
MD5

53909ec2476e83b1c67412abe50e22f7
SHA1

2ba5425ff37f761afa3bb1ced0a9ad5038ce05f5
SHA256

d8ab4e930a9deeb9c0c9502d342af93d82e2ebf8270571901558c53f21c041a2
SHA512

032503c6349f60722e26fd14271423a7e43d3ec8d30f5b37140b4b30132350e7329e1dcb166bb04fb91889624e9320ccebb2be0bbe0d4f608f78fe583097d3c3
SSDEEP

3072:REjqzL+epQ7DuRPmWdS/LR3iTPNoe/plBg8hPqO7gcFdWg0oKWj/3:ajqzwDr2GLRSk8hKoa8

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1768-54-0x00000000047A0000-0x00000000047E2000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ