redline | 1596-56-0x0000000000400000-0x0000000000428000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1596-56-0x0000000000400000-0x0000000000428000-memory.dmp
Size

160KB
MD5

9e2604670a526fc2afe0c8d18eb42783
SHA1

9997df685d9a813e09bc67b9539c681935ff9de7
SHA256

6e6f8554f6a2b0be672733cb0f1bea6c54158fbe6299754c09d8019f132bc231
SHA512

4faf381118a60679cc6d5c913fe91eff5394c0e3ab00afc18ee8b3e365d79dc7fdbd2b191bc94d85e59002d3e492a91a8d0da2c4ea3aaa5ae1232a26270f41ac
SSDEEP

3072:xSYEAuDeXAEiXj0YAFwhzFjwWQGh6yfE:QYEgXRiXw2A3GhX

Score

10^/10

1606560899 redline

Malware Config

Extracted

Family

redline

Botnet

1606560899

C2

37.220.87.83:25717

Attributes

auth_value
e623c8aef7fa8031b5dc2785362f1a0f

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1596-56-0x0000000000400000-0x0000000000428000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ