redline | 98316-56-0x0000000000400000-0x0000000000420000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

98316-56-0x0000000000400000-0x0000000000420000-memory.dmp
Size

128KB
MD5

90f00f374882247de86cf30eec1b6d81
SHA1

009e5d38656d6c3f8bb2d1f2cf6eb6e033c919e2
SHA256

64ec8d8bc9a52478626ae83f56e88c7ab387e4f88d9304ffd861d14f3cc493d7
SHA512

85492dad946fde53b3c6a8e85aa9c36c54bb60e170ed18e105a597a1709f5d03abece30ed7ee2fcd36e74b3d8f25d404b5a00f1f2008d3bd1b8ee8ff24f8f00e
SSDEEP

3072:uC1s00X1UiklDCnl6ZjT1sp8REu7WGhta:hs04l68p86Gh

Score

10^/10

redline

Malware Config

Extracted

Family

redline

C2

185.215.113.83:60722

Attributes

auth_value
4c5e24a1b9de92d8412663c69008fedb

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

98316-56-0x0000000000400000-0x0000000000420000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ