redline | redline[.]dll[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

redline.dll.zip
Size

16.5MB
MD5

fb53f135e9c0dd6b5c50e883c924da4c
SHA1

2d8d7dea997fc426174de3b42be9b5abdc7b2970
SHA256

6a65dd3a05fb093477de0b50aecdcedf851a30003b5369cf9a5900837d6970ee
SHA512

2ccb8785390e4c77e6eaeabdff79701432e22b630e2866b96e8ef91e161c4eeda5cabe82e7553ca962f03151cd2178f3f9ac18edd5438a7e2a432088c246ffd8
SSDEEP

393216:JgdZ2YpUpwT0a4/4xhrQPPXyMwExSUXwX8PFUU10pTGokuEUJjO:JLYpN0a4UhrQXXydb8UW0pTGokCJjO

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/redline.dll	family_redline

Redline family
redline

Files

redline.dll.zip
.zip

Password: infected
redline.dll
.dll windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ