redline | 2408-123-0x0000000004D60000-0x0000000004DBA000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2408-123-0x0000000004D60000-0x0000000004DBA000-memory.dmp
Size

360KB
MD5

9756b2ed7aa9bffecf9c595b16622c57
SHA1

062098b9eea2783aaaa00187f9bbb54401e204b7
SHA256

8251a9f444c99ff69997657b4173f343ba9416d4fa6d2d85316bcb2a0a5f39cd
SHA512

7745decee0e92d2aefde473f4dbefa2c87925ce0a28bb8ad04dc26a81d9206ac3af28a530cde7d544986cb162c5c1847ba17eda6a9f24d3594e0b7414af33c92
SSDEEP

3072:iM9Wl/62XmnHDb3oqn/g0vjLhNcVn2jHZRkArXx:8y2WwqnrvZjHZRkA

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

2408-123-0x0000000004D60000-0x0000000004DBA000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ