redline | 1896-55-0x0000000001F20000-0x0000000001F96000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1896-55-0x0000000001F20000-0x0000000001F96000-memory.dmp
Size

472KB
MD5

a40940f604ecb3c7684e26c1cb37d540
SHA1

f4422b5e9d87acd6acb6d161851d10a5cfb54534
SHA256

e859b0f8ae9d51bb8348788d2e6d06eef057ecd2be9ca4a33372b85f8c0988ad
SHA512

d4550e9b57b5c0695e66c289b801382fe8323a9d28bd5fb3ad05ec785f994e10f9dcd71d077215b1baa9232ff9b8cd2762278510d8008dec91bd84f34ecfa3bc
SSDEEP

12288:hdFlCaKPVkBi0HZPXmuFPJPqyfo78MX7GDd:yaKPVBX7GDd

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1896-55-0x0000000001F20000-0x0000000001F96000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 445KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ