redline | 3224-137-0x0000000000400000-0x0000000000434000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3224-137-0x0000000000400000-0x0000000000434000-memory.dmp
Size

208KB
MD5

c738a77e41066d860e4d4cf63fd08a96
SHA1

09b41972d7bec4f41e15032706de2299895092d6
SHA256

86ee47d5df0d9c85f54dd6bd622e509aad84cbd208e47a69f386115b4c3a8e4c
SHA512

f285a66df0aa3c98fb32c38ffe15452a9efe0dd6ade449437e4c36dcc15edde00b197deeece024b78080ed865e14d66275142a15715736da025d7897e7d1c953
SSDEEP

3072:Xb3jXtE5F7JoZp01V+ArGKOXlr68hKEcJxNn2pU9f2MKTV/wi4lr55R9TxlnsPsv:XzjXtclVVrl8hKE

Score

10^/10

kento redline

Malware Config

Extracted

Family

redline

Botnet

kento

C2

172.245.45.213:3235

Attributes

auth_value
25782da22784dd4df09e2caa33275948

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Files

3224-137-0x0000000000400000-0x0000000000434000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ