redline | 2944-151-0x0000000000100000-0x00000000001B8000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2944-151-0x0000000000100000-0x00000000001B8000-memory.dmp
Size

736KB
MD5

d46213bd9bc32bd988c9ad376ef3cd97
SHA1

80e65e4258fa9ded6fa28bd8d32fd7225031183f
SHA256

217902667d9e234434cdacf074244b45b53c43af37e0cec08ab4a285f848f585
SHA512

01a2ef6166481ad25c3b06b2da5a244f67bcd934932a5ab7910b940a858f5ef2997bb31137933cd9a68a74e2d21a9f4b17ea468b97427e844806aa1864618d9b
SSDEEP

12288:tcDnIgwoO0mNn7myFgE7sJYiZUpsA2EiwBtogUWl1nifMIua0+eYGMj/Vq1b7:uDIPoO0mR7myFgEwnEiutRUWliM/YG2S

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

2944-151-0x0000000000100000-0x00000000001B8000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ