redline | 1312-70-0x0000000000400000-0x0000000000482000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1312-70-0x0000000000400000-0x0000000000482000-memory.dmp
Size

520KB
MD5

39828b7616d0f516737ed377cb1c49ed
SHA1

8ec6d33c9388fccbd9f20d3a1e6ae08217058664
SHA256

40c1d5ee1c499c8537d878a70537671176d02d0676ceab4280c60257f7a20ae0
SHA512

6fda616b64131a58f06b9cd4c61b04bc32b78117451fc127887e974adcc84654800d577432c8c762e05dae1c921dafce39d94c74ca4d0b803d51aa32159f209b
SSDEEP

6144:UF93k3iJIUpOI5+hdMA1ZLrlxp4aJSPvQ7wvPtj4LmAEZ+I9MQtpE6vOl:RtvVhJ1ZXF4VtCLmAyTW6M

Score

10^/10

57 redline

Malware Config

Extracted

Family

redline

Botnet

57

C2

77.91.122.163:25688

Attributes

auth_value
ad9e32dbbec449eb71b30f7f49f9bb70

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1312-70-0x0000000000400000-0x0000000000482000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.I-G6
Size: 1024B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YM+A
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ