redline | 900-56-0x0000000000400000-0x00000000004A6000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

900-56-0x0000000000400000-0x00000000004A6000-memory.dmp
Size

664KB
MD5

727b0352b6134b3170c38e1b355342fc
SHA1

06b33e13897d136f56f1129062c006a5d1836c99
SHA256

4a7f1d79a7a98f41cae0ab2b89221ddc3a5d2b1cf40a6298c5ab65f53b2c2e53
SHA512

dd6f8b91c4cbfa7987790d050451de67ec59aa689769f7fc3f76272b7c9abcddfa42043668378ab8ec1e8fd43128fecb4fd82e1c07f0a7ddba560ed8eaa51cc2
SSDEEP

12288:Ur2ia56CW7dS0pUP5YU26TzJCl6nWJhXHn:Uqia56CWjqvzJbU

Score

10^/10

installs3 redline

Malware Config

Extracted

Family

redline

Botnet

installs3

C2

89.22.233.20:36696

Attributes

auth_value
b79efe79ba3d2497f7d70b34f9fc1ea4

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

900-56-0x0000000000400000-0x00000000004A6000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

[email protected]
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Q7c
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ