redline | 2620-113-0x0000000000AB0000-0x0000000000B3C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2620-113-0x0000000000AB0000-0x0000000000B3C000-memory.dmp
Size

560KB
MD5

30b8937df0ce6e26963de4983e32f2ee
SHA1

a61649242d7dc12bd6a44ebcae4fe4774e58481d
SHA256

639b1dca05a824aa3b2be3f29dc2f925115e8d21ece7021d35060702ae65e4ec
SHA512

b8e7ab48f1d6c550f9c428d348435d0766391e57abbb171a80809278a56c85002b77c3f0a901c3591413fa51f15b3215722a4cef5d7e9d64dac634134a320214
SSDEEP

12288:BTZPaZ+r2M9MtP+r/EKXUYIl8D1vPXnXQUUlTFU:BTxaZ+CqMtP2XUYIl8D1vYU

Score

10^/10

lamp redline

Malware Config

Extracted

Family

redline

Botnet

lamp

C2

77.91.68.56:19071

Attributes

auth_value
ee1df63bcdbe3de70f52810d94eaff7d

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2620-113-0x0000000000AB0000-0x0000000000B3C000-memory.dmp

Files

2620-113-0x0000000000AB0000-0x0000000000B3C000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.H)N
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yYC
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ