redline | 1904-54-0x00000000008C0000-0x0000000000900000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1904-54-0x00000000008C0000-0x0000000000900000-memory.dmp
Size

256KB
MD5

a5959c974654576997bde0dc133a5e6a
SHA1

423ec4c523a5981cf69919d96c41d90754f4a3e9
SHA256

0f4bf156e7c8e9091d46dc94372acb977cf7b7e69949fd711c2d7fe47a9642c3
SHA512

90a64ffbb040efa785020a8206babe78deef3576219d80d485372ae7468b4390c5be68565947fb0ea43101c4e99fb55f404956ab94244f840f929027bf0c0f73
SSDEEP

6144:+gk330uQ7r6fvU4YMZMBgcf0T9shXIAVqhfbOC1:+gk33PU4YGMj/Vq1bf1

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1904-54-0x00000000008C0000-0x0000000000900000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ