redline | 1992-57-0x0000000001E10000-0x0000000001E56000-memory[.]dmp | Triage

Sharing

General

Target

1992-57-0x0000000001E10000-0x0000000001E56000-memory.dmp
Size

280KB
MD5

38ed46a1ebb9ec7be8f055e126962212
SHA1

72d3293ffeef90c01e9b897fca6799fa852b4a50
SHA256

769394d8b2e524edf4c41861eb8c528527060ea987ff0a4db2101634d6670583
SHA512

b70500b7358523db8303199859509fe4da73e0e4f1ab2775950a486b6d3a246bf65e12fec164641bd08beb392d978a0b3d3a54d89f69d9adbc1ededc36700f9c
SSDEEP

3072:9Z6j4ELN6FY9C5hI6XFMQ6/eHSCJyDCPgmo40z3bzCh6SnPPuwPIxNn2pU9f2MKo:P6jiFhI6XFMBeHpw4IChnnPPr

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1992-57-0x0000000001E10000-0x0000000001E56000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ