redline | 183160-282-0x0000000000130000-0x00000000001E8000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

183160-282-0x0000000000130000-0x00000000001E8000-memory.dmp
Size

736KB
MD5

3f4ef59539310069b034d925e7fe5379
SHA1

7fd758796d66cc867a7e4a9f19790bbfe6334e18
SHA256

bd25cf88f0daee0fcf3c6c0e6e479e3f3ffdc613c565cb8e2ce5a3bfa7961d1a
SHA512

1e1bdcd3834ce739cdf6b5e0221117c9e5c0e162db40b75091f5bd0a27f6effa20f10c6a444f267f9ce971cd6c759dab993d34c496b81a6e73c1689b2a833cf3
SSDEEP

12288:7D3QE82Bb5Ib7U++2u8ETGPKo8Xhm0p4RjVefo0HPFkp0bufva1A8hKYGM87+jVb:7D3QEH5Ib7U++Kom0CRpefo+L1KYG1sb

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

183160-282-0x0000000000130000-0x00000000001E8000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ