redline | 856-54-0x0000000001F50000-0x0000000001F96000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

856-54-0x0000000001F50000-0x0000000001F96000-memory.dmp
Size

280KB
MD5

438cf236dc81a270350cd369bb6d63ee
SHA1

abaf5f64b925ff387d7d2dbc4b86c40af4254664
SHA256

e39ac7cb135e1e2df0998d9e5f2ff45988465e1aa37906df849b3d307464c340
SHA512

a335000c4f42df5e0026cf37402ace1c13804a942480591e02d0b5577399b9caff005065ec3b53566090747b5b16a823e5cab77e3554ea51b37d2262891019a6
SSDEEP

3072:Jk6jIELf6FDTCAAOcrsg92DxBqx5CvLS9xo40jjAVAh1OnmhLN8TxNn2pU9f2MKx:i6jobcFS7c4vLSdAh0nmMS

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

856-54-0x0000000001F50000-0x0000000001F96000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ