redline | 2008-54-0x0000000001F30000-0x0000000001F76000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2008-54-0x0000000001F30000-0x0000000001F76000-memory.dmp
Size

280KB
MD5

3857fab2f00ce8601d25ae75ee34c64f
SHA1

9ae784f473669194dac2d9176afb7edca57414b1
SHA256

4a54bb34e4c3b6bc85d93eabd71941d82dff4ff2245d3d7431e2d0b800783021
SHA512

1f66fc6b94c5293ed00afbeab9bdde6730e2f75afc2435ee0a700836ebdb3eae2df006561cec8aaf23b168b51e8da95ecc29fb0853102f865d53caa4fe4aa2ab
SSDEEP

3072:neq6jYEL5629hC2Fh6NBrGGGiDo40BCsyhIVniLMVxNn2pU9f2MKTV/wi4lr55Rn:eq6jtVh6NpGGGZyhiniL

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

2008-54-0x0000000001F30000-0x0000000001F76000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ