redline | 1220-154-0x0000000000690000-0x0000000000748000-memory[.]dmp | Triage

Sharing

General

Target

1220-154-0x0000000000690000-0x0000000000748000-memory.dmp
Size

736KB
MD5

06de532de7281911a144ba8d5aef8a52
SHA1

4c576a9c34bb7a155351a3f3d966cb32aa93cbcf
SHA256

e7d0eaba6f6b85dda5328d67166d050cf58c0be64d446a72ec99fb7207777248
SHA512

ebe8086c3244a296ff968a64c505e9acf7e3547357024e2550b879655e90e543c78852aa1b57349cff93b45471d8d987cca1f980d16bb52524aabf83f56dae3e
SSDEEP

12288:qJr4VbxPvxZM5DsnVyzLbJD28h9YF5Rdnw7Ei6Pjn3iFBILP4B2ull2xiYGMj/Vs:6kBxPvxK5DsnVQLbJ5hrEiaj3iFBHBrz

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1220-154-0x0000000000690000-0x0000000000748000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ