redline | 2856-114-0x0000000000320000-0x00000000003AC000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2856-114-0x0000000000320000-0x00000000003AC000-memory.dmp
Size

560KB
MD5

d9029313f09f84aa36c80a38d2310fb0
SHA1

de174109b9ff477adf59e42122942680401b14e2
SHA256

8a3daeb56e4478d5c888d77e8a4b18af8ef58a28eb0d01b88b6cfd1cc9ced2a1
SHA512

ddc3d769877d952badefed8889659a28a7e79926032480bd74122b083ffb6c87d982bf9a765f7cccd60990d59b725401ebb61f04b73d3a6ee4e836b779b68155
SSDEEP

12288:ONMeIYRZdBytXjvMNT4Q14hwWBQWnWVZfI:OPbRl2w4QpO

Score

10^/10

lamp redline

Malware Config

Extracted

Family

redline

Botnet

lamp

C2

77.91.68.56:19071

Attributes

auth_value
ee1df63bcdbe3de70f52810d94eaff7d

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2856-114-0x0000000000320000-0x00000000003AC000-memory.dmp

Files

2856-114-0x0000000000320000-0x00000000003AC000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JPN
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eo%
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ