redline | 1472-153-0x0000000002120000-0x0000000002166000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1472-153-0x0000000002120000-0x0000000002166000-memory.dmp
Size

280KB
MD5

662ae58faccb6360f23b412ca4bf4fc8
SHA1

17e540fb8eb3d3b434e76cf3a42f1bcfcbac2f5e
SHA256

1f8aa0670b1c0e14816e28071542d2163c660221263402e51a1defb5b674cc2c
SHA512

81631ebab6e39257ad5d04dcdb6ecb364fa254bea7ded58264ad05298b539fcfa35982284f639a7c97736a67aea67f5361ed50fb963c16055d0b5a7768946320
SSDEEP

3072:9q6j4ELN6FY9Cff3n0sk+wziR/o40DrNwAhFMnImax8EExNn2pU9f2MKTV/wi4lh:c6jiD30sk+wzYZAhunI7x8

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1472-153-0x0000000002120000-0x0000000002166000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ