redline | 1256-155-0x0000000000C00000-0x0000000000CB8000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1256-155-0x0000000000C00000-0x0000000000CB8000-memory.dmp
Size

736KB
MD5

922989baf47f56c8f5cb902cf48731fb
SHA1

3f99c56cb2a4c9e811f431db6911935a5d0a5f54
SHA256

c034159c899e05a5979d834c2ad29e66d600d59e63861550660c48385c849e74
SHA512

77d15ea549346feb87ff0f0ca8a2ffd1786e8893af64326892f0818e69617521a472ddaff3072605d95012aab18674edf595c007c11414f54f4a0410488187fd
SSDEEP

12288:ynQ/L5JOfPRd0RHcPDvdWT4fNQLEiNr6IYbOR0/q2SxqxfuyUoEcYGMWYZhFb:sQ/LQPRd0RHCD+EiZ6pbOR66qxbYGnyb

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1256-155-0x0000000000C00000-0x0000000000CB8000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ