redline | 1496-148-0x0000000004870000-0x00000000048B6000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1496-148-0x0000000004870000-0x00000000048B6000-memory.dmp
Size

280KB
MD5

5593aa4b89bb808a259f65d76cef8507
SHA1

5185ff848f5dc6c957c8ba74881ac2b89a399deb
SHA256

7099cd6c308e578eee813baf6f64930ccf572c27b3a0453b922d541f9ac369b8
SHA512

f61a5d637c9abe497e919b9a596eb712b817a93932ed72a620f7567eecfd21a9e70898573dc7eb41c5fcad6f0c6899f09debf2d90d92ee71c66cbddc3f02a1d5
SSDEEP

3072:9a6jYELp6VFxCCWosai9QFwNsmLo0gacrilo40OTkQhOEnISw+dvoxNn2pU9f2M1:I6j+GosvqFwtLo0yr3QhZnI+u

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1496-148-0x0000000004870000-0x00000000048B6000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ