redline | 1536-150-0x0000000004930000-0x0000000004974000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1536-150-0x0000000004930000-0x0000000004974000-memory.dmp
Size

272KB
MD5

e07be4209a565cbd932ce536df7d0678
SHA1

966b05f0b816a0376e6ca7f32234342094a78b08
SHA256

783dc4f00ce2eca11e5db547c82f8c503ad8320962013555584cd5eda22bca1f
SHA512

27613e392722d5841751a32c878adb871fb84318600f765c5659799af6dece3a4cc046fa3495043c0192c536ba4f779aa7c7c6f18e5e54552f8d6c6e9676554e
SSDEEP

3072:Q6jIELf6FDTCjhnTzO6w/et1WuDCvgxo40TnCch36nycRt7fwxNn2pU9f2MKTV/C:Q6jocuVe3W8Y2chqnycP

Score

10^/10

sony redline

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

auth_value
1d93d1744381eeb4fcfd7c23ffe0f0b4

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1536-150-0x0000000004930000-0x0000000004974000-memory.dmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ