redline | 1108-137-0x00000000020E0000-0x0000000002126000-memory[.]dmp | Triage

Sharing

General

Target

1108-137-0x00000000020E0000-0x0000000002126000-memory.dmp
Size

280KB
MD5

a8e948e97ddea7082ee8ed30b6195bbf
SHA1

5df70ff057e74cec90b0862e5dec2c94ea6ecf0d
SHA256

0eb4d495f6bfb11063ae0e0cc0a1a14971cc2b66136cf418088f73dfefb85549
SHA512

dc1191ada986040d00b149d5e78ed05884e7b6ac2a0431be2abf0e430e3de90005e75e57e657d372274e384b26b316ebc7681280c7917c77fffd36d192a83046
SSDEEP

3072:nvy6joELH6Vt7CsfMvJq9pGzEM+wCFJDC+glo40jLcKhJqnFLpxNn2pU9f2MKTVz:vy6jwbfMvo9pjM+wCFZJsKhYn

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1108-137-0x00000000020E0000-0x0000000002126000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ