redline | 1952-56-0x0000000000400000-0x0000000000432000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1952-56-0x...ry.exe

windows7-x64

1952-56-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1952-56-0x0000000000400000-0x0000000000432000-memory.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

1952-56-0x0000000000400000-0x0000000000432000-memory.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

1952-56-0x0000000000400000-0x0000000000432000-memory.dmp
Size

200KB
MD5

4bb0a87e2df050f78bb88b717035ad24
SHA1

628423584c9923a758062404c28629ced7a766c8
SHA256

3e7365e8bc0595def2d5d6b6fa2ce720cfd44f4ddef6db20af698733293bc882
SHA512

d0c3f0f9f994188c3df0f423f78cb48aa05605f1b386d24d901bc86111396a00a7f9e9b0bcf36a95b035500b28bbc71446c3c562f1585fc38b75e58a02590c20
SSDEEP

3072:UxqZWJBaKULo3nnv+Kev5FBh0vTxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOu6:qqZInnm5Bhu

Score

10^/10

pub2 redline

Malware Config

Extracted

Family

redline

Botnet

pub2

C2

89.22.231.25:45245

Attributes

auth_value
ea9464d486a641bb513057e5f63399e1

Signatures

Redline family
redline

Files

1952-56-0x0000000000400000-0x0000000000432000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy