redline | 316-109-0x0000000000890000-0x00000000008D6000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

316-109-0x0000000000890000-0x00000000008D6000-memory.dmp
Size

280KB
MD5

d2b7fa0bd09f1b31c23a22e254e0101d
SHA1

8dd9a4b97204d7b47aa2259aaa38654b99d8f824
SHA256

8cf2f3ca1b5158e703060a56eb8351373ae87628e310fbeb03254cfaf86b0052
SHA512

ca35c29f884a7fef166d954a13a329b6575070acd07ab3af3a318dc26869a46ba53f438b3bfa35fee6c7dde0e525eae73d5233844b816011d340878e4ad42bf7
SSDEEP

3072:9+6j4ELH6Vt7CENpmh6sLKR+utY/edHbpiWo40mTJghm0nlQoYKgQmExNn2pU9fQ:46jgppZsLKwuAexbpZghdnlQH5QsB

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

316-109-0x0000000000890000-0x00000000008D6000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ