redline | 1376-55-0x00000000021C0000-0x00000000021FE000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1376-55-0x00000000021C0000-0x00000000021FE000-memory.dmp
Size

248KB
MD5

67ab56c8c89c84225060b5c82c3671d8
SHA1

82787e4bfe05bc9224e25c8efbd1d2af405b026e
SHA256

48e5208a9cabd4fafc6699b11c4ce59d911c8a201138be0a4701532ac7bfbcda
SHA512

1a60fb70c0cccb9f7cc99e1c6dd799d942b9cda2b754648aff4b8e1f97393ae0bcb91e4577009667346da2fba1301db620a7dda6012f9af573b49ec9a04d9b78
SSDEEP

3072:sA4jqrLQenQRonR7aQS7yaTKrYTSdzpqF8H5Ldoe/9GdRshkJO7SlFfYBYQozQtJ:d4jq3Go4X7fTSdzpq+HEshpSU+

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1376-55-0x00000000021C0000-0x00000000021FE000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ