redline | 2904-94-0x0000000000480000-0x000000000050A000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2904-94-0x0000000000480000-0x000000000050A000-memory.dmp
Size

552KB
MD5

5d49acb51c22b5afe7f8af0dc40a1925
SHA1

3ac86c3a98571979fa8ac6c407636d772ce32326
SHA256

64e000e96a977cf0771b5620ae549626121ef333b1081c69084da89d9cc3915d
SHA512

7f8bb6a62e662eac88e4bfc072108e763a7354530ce64986c6016193c237cc1e71d80dbbce2e8cbc34d5d278347fbf981dc2a18ca0d450d6e380e66f172523c5
SSDEEP

12288:GrYVyMeIqyi/w/yWL5jhSP83/DxVO3gQPvcOG:GrYVa7yD3FNSPMcG

Score

10^/10

lamp redline

Malware Config

Extracted

Family

redline

Botnet

lamp

C2

77.91.68.56:19071

Attributes

auth_value
ee1df63bcdbe3de70f52810d94eaff7d

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2904-94-0x0000000000480000-0x000000000050A000-memory.dmp

Files

2904-94-0x0000000000480000-0x000000000050A000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.e]%
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T!0
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ