redline | 2996-137-0x0000000000400000-0x0000000000432000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

2996-137-0...ry.exe

windows7-x64

2996-137-0...ry.exe

windows10-2004-x64

Sharing

Static task

static1

@rozebalpedistall_1 redline

1 signatures

Behavioral task

behavioral1

Sample

2996-137-0x0000000000400000-0x0000000000432000-memory.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

2996-137-0x0000000000400000-0x0000000000432000-memory.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

2996-137-0x0000000000400000-0x0000000000432000-memory.dmp
Size

200KB
MD5

34691e1bc03b150c751c959aeeec7156
SHA1

c6bfbe25cf4da98f50b84c2f7a426902b3ad4275
SHA256

0e358788ac3ad1bfa187a710715128130764cd7443ab1c2b6d378b5655f431c6
SHA512

40380be0801516717da2f1dbec58d2e20d225205e37a01636e7ff56b9324d00338d7aa8770afce98a08e3c66997f4b8958b431075e0a9700490a5df281177ee7
SSDEEP

3072:bxqZWkCBLanUH4ik/WAeJ5FIh+7xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuk:tqZsk/8Ih

Score

10^/10

@rozebalpedistall_1 redline

Malware Config

Extracted

Family

redline

Botnet

@rozebalpedistall_1

C2

185.244.182.218:2027

Attributes

auth_value
b34cb15a06c902abff71b11247c63ad9

Signatures

Redline family
redline

Files

2996-137-0x0000000000400000-0x0000000000432000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy