redline | 4416-145-0x0000000000350000-0x00000000003A6000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4416-145-0x0000000000350000-0x00000000003A6000-memory.dmp
Size

344KB
MD5

b206eb2e3986da6d982ca8fd8a94ecb0
SHA1

16fe138014867d2cbd8c2e1811f8888db6c53895
SHA256

db5e9bb8c0fbc1cbc92333ec117935049eba0599be3b2bbc80a06bca9c9b36ac
SHA512

094df812609990968176c4a86f05c80c40f18916112ae32c04ae8ec514f4e3b3d736c9fbf4a3886fb164f084dc073f5dd9e17f4d7a4938ed0a95c7a38f53d2b7
SSDEEP

6144:5vepq9YVj9szDkUfqgPP6yusVzfjkqfAO0YMZMBgcf0T9shXIAVqhfbW8:5Qq9YVj9szDtDVzIqfiYGMj/Vq1bj

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

4416-145-0x0000000000350000-0x00000000003A6000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ