redline | 1728-55-0x0000000000F50000-0x00000000012F8000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1728-55-0x...ry.exe

windows7-x64

1728-55-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

@nightsoulwork redline

1 signatures

Behavioral task

behavioral1

Sample

1728-55-0x0000000000F50000-0x00000000012F8000-memory.exe

Resource

win7-20220812-en

redline @nightsoulwork discovery infostealer spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

1728-55-0x0000000000F50000-0x00000000012F8000-memory.exe

Resource

win10v2004-20221111-en

redline @nightsoulwork discovery infostealer spyware stealer

windows10-2004-x64

6 signatures

150 seconds

General

Target

1728-55-0x0000000000F50000-0x00000000012F8000-memory.dmp
Size

3.7MB
MD5

53e59393aee1720eed75b0d6b0ab6a34
SHA1

13be09a1a40ac58228aa6a2d98e184ba552048f9
SHA256

24c3a9181d621f73835844ebf9d150d9235256ba8173056273462e79d2b9035d
SHA512

fd68430df6421878a7c5aba0f31efc8015542fd75cc433c20e78402d0cb03061a22481dd95bee783abd80f94c2ec6858962e9f8cf6e42cdc80c1c988a20cec17
SSDEEP

49152:gBEUsJoX6pU6Qr1TuIw55JeLdo6SDns0GKQm1i7/Iu:geZ6XdvrIImsW6SDb1m/

Score

10^/10

@nightsoulwork redline

Malware Config

Extracted

Family

redline

Botnet

@NightSoulWork

C2

151.236.13.3:23023

Attributes

auth_value
d312f292be9ed5347f82e67f09c4d85e

Signatures

Redline family
redline

Files

1728-55-0x0000000000F50000-0x00000000012F8000-memory.dmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy