redline | 2812-114-0x0000000000480000-0x000000000050C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2812-114-0x0000000000480000-0x000000000050C000-memory.dmp
Size

560KB
MD5

4a87b0ce291eb99b4c655c223055fead
SHA1

de22d68a159e13a21683550ed4ff338a6a91a64b
SHA256

27360191d1cbea5161dfa7bb89683e996ba40c81689c0842792fadc64def109d
SHA512

ea081ef8595d125f907e1418b5095d6e4c4c39aac5a9dd661a90eab94be4caacb1405568039101a688da477412a3972b11b7eaad73511306b4c7c540c0daa098
SSDEEP

12288:Q1EScvDc/5I9wRtp9mF2WHw8d5U5J6LQtG0/Wy:Qf2wq9wXyF9V3y

Score

10^/10

lamp redline

Malware Config

Extracted

Family

redline

Botnet

lamp

C2

77.91.68.56:19071

Attributes

auth_value
ee1df63bcdbe3de70f52810d94eaff7d

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2812-114-0x0000000000480000-0x000000000050C000-memory.dmp

Files

2812-114-0x0000000000480000-0x000000000050C000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.95b
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.g`p
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ