redline | 3408-291-0x0000000000D00000-0x0000000000D40000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3408-291-0x0000000000D00000-0x0000000000D40000-memory.dmp
Size

256KB
MD5

27360c0dcb8f8ef161752e478c36bee0
SHA1

66ebde122c464c481345bb0557a08f46d61536c1
SHA256

6cadcbfdf1862647776ceafc98820c9d090503192f8ede36413fb1901dd76cc0
SHA512

188faeab90c4e3edae7f1ddef8a8b4101c5ffb4a7e1aec359629c321d7bf8e79ca037dc6600174991aaf5f35e5e77be33b48ed55d804d051f26e26367e6ce429
SSDEEP

6144:/UIzHYWMLv6f9YYMZMBgcf0T9shXIAVqhfbCE1:/UIzHZYYGMj/Vq1bt1

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

3408-291-0x0000000000D00000-0x0000000000D40000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ