redline | 18844-278-0x0000000000E40000-0x0000000000EF8000-memory[.]dmp | Triage

Sharing

General

Target

18844-278-0x0000000000E40000-0x0000000000EF8000-memory.dmp
Size

736KB
MD5

079a828432bc4bd62264e2bb639c7612
SHA1

caedad020657ec5c9e14cf1e42395f0f4cb63f61
SHA256

790ae0890f6ceae7a3d44ef7fc637e3f4e4b2b6ed5b20c6297df47e5ff1644ff
SHA512

af74f97b177e370d4bf2a3d8f6ed5d1b92bf7bd0d376d7ffbfa389eff37fb5461d4a501743556b3e7828928e82f50c6977bdff291fc5eb95271fa5a255d4e32a
SSDEEP

12288:7jXyKXlaA6zCyt10d/vrkH0EizsBtaR6905XICMmuWgE0s8e7gYGM87+jtbhpF:7jXyolaA6zCkuEioBgR69YQRsxgYG1Ep

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

18844-278-0x0000000000E40000-0x0000000000EF8000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ