redline | 620-231-0x0000000000A90000-0x0000000000B49000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

620-231-0x0000000000A90000-0x0000000000B49000-memory.dmp
Size

740KB
MD5

ae72148290aa537fc214bd75a5970949
SHA1

ece0a5a34be9cc14f1fc7f85a08fe7167dcab401
SHA256

2e36989ce714c38d358d15aaded2abb51eaa65ce6eab77b12631f6689d5e7635
SHA512

b36010951ec366b6626801a07b508c9dbd375b3ef0accfe68845d56c443d5c3a54df9a70ee1c0aff9e53a93cb8e6598401c3bc6adb00af1c23e798f4d27bb31b
SSDEEP

12288:SfPjD56H3ucZzXuDADfF3/TY9Y56Hc8EidattKf61+dkrskBDeKuV1Dey6YGM87n:SfPjDo+cZzXuDAh2EiOa61+dkAp6YG1r

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

620-231-0x0000000000A90000-0x0000000000B49000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ