redline | 3352-147-0x00000000007D0000-0x0000000000888000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3352-147-0x00000000007D0000-0x0000000000888000-memory.dmp
Size

736KB
MD5

f60e12919d6417216f8fcc148f14f106
SHA1

2f62723a4ead28a550791b94c03c4a4077dd113b
SHA256

6d5c448eda64e17f703f61203a565c2164f5f6f3fce27d6e316d4078fb2a4105
SHA512

2fad9a5c1def3520e4e979648528ba0dbfcad19b1b01211ccc1e30369f1278a365515fb2458f3bf8be5107b1e2724f7ef3131470779f1c3db22ab882b96c6b1d
SSDEEP

12288:4i5NKe8cfvfoR/Y868OWArAPcAifXm0JgVpXKR60hBFmu7uJB8o66kvYGM87+jVf:95NKe/foR/Y86+Qm0aVtKR6ID3YG1sbb

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

3352-147-0x00000000007D0000-0x0000000000888000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ