redline | 4472-142-0x0000000002340000-0x0000000002386000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4472-142-0x0000000002340000-0x0000000002386000-memory.dmp
Size

280KB
MD5

c79a032c7d0b64402ca1c7a7411f855a
SHA1

eef15dec2b10c41e28af2dc2962bad1bef03b476
SHA256

4fcc102140322ba1673265784f64f1d8359cf670acc7defa459e275acc8350a8
SHA512

12ec7b0d4762d7e7ef112f603eea84c2f642d12023e8b863a781dca9a142887ba2c173f89169817a1dca1e85e2a5104501f544e8e66c624bd635e294a63b2476
SSDEEP

3072:Lk6jgELP6F6DCnuYFQB+e/ewGsvLS9Eo4012OChcTn1Xz4xNn2pU9f2MKTV/wi4q:w6jQyYgne1svLSfCh8n1X

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

4472-142-0x0000000002340000-0x0000000002386000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ