redline | 1252-55-0x00000000023F0000-0x000000000244A000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1252-55-0x00000000023F0000-0x000000000244A000-memory.dmp
Size

360KB
MD5

be912b960291bb5eb97a8a9c880be902
SHA1

d09d6d7e2c6467b42d99273a54affa51ac1f5c98
SHA256

1c3cadc8fab5e4152394619cf482a6c6da82cd4474bb9144419cdbff81f53f46
SHA512

e35d1bdb8c9ce8df878cb162bb6cd20f13eb8b43bf49c3197e7a6c0bdc397155671b5f762a4ae131a97733dbf9b81399b76c092c481fde19344c755330f6edbc
SSDEEP

1536:EOfi2rNGc0TjGmnSaPh+aH2p0IPNvxYKqffoCErXLgUbYvsrKoxBW79ojhP5N96o:EuGc5ZmKy4Lh7uo7q9ojNHQfkArcj

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

1252-55-0x00000000023F0000-0x000000000244A000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ