redline | 1376-1-0x0000000001090000-0x00000000011ED000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1376-1-0x0000000001090000-0x00000000011ED000-memory.dmp
Size

1.4MB
MD5

b63e3c61474c40e92685397ecae7f279
SHA1

081bcd2eddef6eeadf5e4f34c5ec0ff5bbecc848
SHA256

222bab8070cb9e8d44c2462961cab8dd8af0cd382fed13742a5b9ba012a0a3a6
SHA512

6b17fb93c37a512411082078a7cf177f9bd2d955b7b7dc3cf17005d2e41c2019463199611fd98720c9c607e30aa23d36d4d58ed1c68d0c7eb14b0ad9f11eadb2
SSDEEP

24576:ZM9RzlGZoDAqNJk0s+/QiaWscWdiy9ZLrI0MDYbHV:ZM9Rzl2qNJk0PvNWd9Q0H

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1376-1-0x0000000001090000-0x00000000011ED000-memory.dmp

Files

1376-1-0x0000000001090000-0x00000000011ED000-memory.dmp
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 693KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.euro
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ