redline | 1204-54-0x0000000001F60000-0x0000000001FA6000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1204-54-0x0000000001F60000-0x0000000001FA6000-memory.dmp
Size

280KB
MD5

ad4fe1ec743d9165d88014c8cd03c3f6
SHA1

02fa68913c644e9c4fe3bc08f276902ee52528e8
SHA256

d4fdb9807ef5725e64afcd9e6ff5cea26433df4df922d2dd88290c2576a708a3
SHA512

15d89d5fe74cccf1e98defecfa90e54e79d8a5b6ea502c3f0611f48552de8f6d6ae5c9c15dfb0053282ce977689b0efeb8a21fe7a3dc98d8c52ce88a410745d8
SSDEEP

3072:926jIELf6FDTCalB9M41vigXM+wXnMvLH9tho40BEl/hUinBTfTxNn2pU9f2MKT0:s6jo9TxpM+wXnMvLHR/hVnB

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1204-54-0x0000000001F60000-0x0000000001FA6000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ