redline | 1780-71-0x0000000001E00000-0x0000000001E3E000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1780-71-0x0000000001E00000-0x0000000001E3E000-memory.dmp
Size

248KB
MD5

6e43d6391d8facc3fce2aa7e10387e1c
SHA1

3e59ce4bd6e8b6131befc00637c590fe9df52623
SHA256

c996566f0c433dee8b39ec5d215f69bee67d2850ff5874253494898dbe7fb0dd
SHA512

a2def1db24c1ba0d21d352e9931a383f73ad6c7c33551981fb4924fb5432a077461a98801032e38ee72c4a9fcd7a6ac2fe9dfe52c2f559cdcb1ed90063ee80c6
SSDEEP

3072:sbjq7LmeBQr+TR/MgiRBp4Sy2n6pOOgA1nw/vwAlB1Z1oe/EQh7P9hr9OrqJn6z9:Ujq7w+W/Bp4Sy9pOd9hNY

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1780-71-0x0000000001E00000-0x0000000001E3E000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ