redline | 1700-54-0x0000000001F70000-0x0000000001FB6000-memory[.]dmp | Triage

Sharing

General

Target

1700-54-0x0000000001F70000-0x0000000001FB6000-memory.dmp
Size

280KB
MD5

96b44f938dadae29d95b358683796092
SHA1

fa12ad006cf415ab0d69744d1dcaf6ed49b29d6a
SHA256

46dd20002ea8dc61d301addd619d02db53b226635f72d5adfc195cc878eefd36
SHA512

68178fdb45e56700e0485ecf63ee3f71aa38ac76f61bcdc4dd2a511716bfe8207fbc0f5f1f0e49559a8d86ee7cb02db1cf38b8206901aac41d1bbe94f3c97d51
SSDEEP

3072:9d6jIELh610pCJpsSYK2TwPsmLoEiO4QDCPgro40JPTfhXXnToUwitzpeoug0xNF:36j2VpsSYxTwHLoEis4PfhHnToxitwb

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1700-54-0x0000000001F70000-0x0000000001FB6000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ