redline | 2416-131-0x0000000000270000-0x00000000002FC000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2416-131-0x0000000000270000-0x00000000002FC000-memory.dmp
Size

560KB
MD5

de15cb725cf6463541e8852c4a9493b6
SHA1

f10a232962feb10cb83e322da22da18e015bbcf1
SHA256

1b48e31c2dcf5b8bb0447544b34ba53f7fa46075ba0fd58d8ad08d5a6a4fcc3f
SHA512

4a1cb152cf2cd4fce0d9d29c5093418263d2dc580a157ff570bece38b20e08ce04eb3f3653f0608313b1e420d5915e51488a51c29eede4526ed3813b04610a48
SSDEEP

6144:aKBaRad60v/LTbC6QQXBip/djX0NdeQ1EJ/pUnyTdlUeqbB3i1d9OBa0AqAvL:awFoO3E/tku5i4dldqbBQbsa0AqAvL

Score

10^/10

masha redline

Malware Config

Extracted

Family

redline

Botnet

masha

C2

77.91.68.48:19071

Attributes

auth_value
55b9b39a0dae383196a4b8d79e5bb805

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2416-131-0x0000000000270000-0x00000000002FC000-memory.dmp

Files

2416-131-0x0000000000270000-0x00000000002FC000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.NSF
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.#df
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ