redline | 1292-54-0x0000000004770000-0x00000000047B6000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1292-54-0x0000000004770000-0x00000000047B6000-memory.dmp
Size

280KB
MD5

f8abbd14e89b8261ffa8498419875f8d
SHA1

35f3ae226f8e725db00ab9833ec9d12f0979a822
SHA256

5dd42502f1f226d3a00734131a701d173b238fb0120c93ed670d176dc582cd22
SHA512

c27d640faa2351e4d0beefea20ac772bbbca233a8d0297f8a744d15f4974db0c2127c6bd0b8d431ea41677ba0971ae9952418f3d3d56c8328c25689b95a61f04
SSDEEP

3072:he6j4ELN6FY9CYTk/XesXDCwrsmLoJNT4A1MiYo40KaFpsh0zniVavP6xNn2pU9K:o6ji0Q/j+wzLoJNT5ME/sh8nN

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1292-54-0x0000000004770000-0x00000000047B6000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ