redline | 1380-56-0x0000000000400000-0x0000000000535000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

1380-56-0x0000000000400000-0x0000000000535000-memory.dmp
Size

1.2MB
MD5

a532f99cb836cf2bd0d61666968b4d0d
SHA1

6cc96721f4bd5abc31320190e8dafbe0ec2d8e45
SHA256

7230a0baa339809283be937e612db90d6aadf126d14aca313108293d2efd1a69
SHA512

90d6a3dd715140acc9247740db60bf9d415ebd0f72ed4ead9899e4e34a922f236f3f91d409062b595dde53bc74d15617488bdb6a303695479b02afd8208b967f
SSDEEP

12288:3QBFWcq8Xsh55/edfPn6NXR8oqQczzR0GDGxXCnf8wbuxm17Lng05zlRSWSvYTUd:3kq8Xsjdmo8owmt+5buWLnL5Bhq

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1380-56-0x0000000000400000-0x0000000000535000-memory.dmp
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 667KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.hbfqm
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 667KB - Virtual size: 667KB

.data Size: 119KB - Virtual size: 119KB

.rdata Size: 43KB - Virtual size: 43KB

/4 Size: 227KB - Virtual size: 227KB

.bss Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

/14 Size: 512B - Virtual size: 216B

/29 Size: 84KB - Virtual size: 83KB

/41 Size: 5KB - Virtual size: 4KB

/55 Size: 8KB - Virtual size: 7KB

/67 Size: 512B - Virtual size: 56B

/80 Size: 1024B - Virtual size: 686B

/91 Size: 33KB - Virtual size: 32KB

/102 Size: 3KB - Virtual size: 3KB

.hbfqm Size: 3KB - Virtual size: 4KB

.text
Size: 667KB - Virtual size: 667KB

.data
Size: 119KB - Virtual size: 119KB

.rdata
Size: 43KB - Virtual size: 43KB

/4
Size: 227KB - Virtual size: 227KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

/14
Size: 512B - Virtual size: 216B

/29
Size: 84KB - Virtual size: 83KB

/41
Size: 5KB - Virtual size: 4KB

/55
Size: 8KB - Virtual size: 7KB

/67
Size: 512B - Virtual size: 56B

/80
Size: 1024B - Virtual size: 686B

/91
Size: 33KB - Virtual size: 32KB

/102
Size: 3KB - Virtual size: 3KB

.hbfqm
Size: 3KB - Virtual size: 4KB