redline | 4788-138-0x0000000000E90000-0x0000000000ED0000-memory[.]dmp | Triage

Sharing

General

Target

4788-138-0x0000000000E90000-0x0000000000ED0000-memory.dmp
Size

256KB
MD5

b4a558064295c188bfee77f52f2cf8bb
SHA1

922f676e53c91116d48427989bddb80d2c2ee8f9
SHA256

16c8ecc61e976f7c89469bae92bcf005a672f0c9c2c14f9848e1a81819c34f9e
SHA512

84c37a78cbba706e700e1d9734b46704e0ad71dfd7e657f302938dff69ca0c1edcba68b99c4c7417792f7c57fc3b45a9163660af601c93c67af1be719b45bf95
SSDEEP

6144:+7ncV7DU9926ftYMZMBgcf0T9shXIAVqhfbf01:+7ncV7qYGMj/Vq1b81

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

4788-138-0x0000000000E90000-0x0000000000ED0000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ