redline | 2528-47-0x0000000000400000-0x00000000004EE000-memory[.]dmp | Triage

Sharing

General

Target

2528-47-0x0000000000400000-0x00000000004EE000-memory.dmp
Size

952KB
MD5

02a5a40cbc14bc4b20f5aa706435a3f1
SHA1

8a5301aa1de1bd3e3d4f8393e35b2316cf397fbd
SHA256

501726f4eb60a8fb25c690cd3911d4379a2b3a782f065c1cbad5f4e73736eeeb
SHA512

a94b563db03a1e976c1b2296a3d88cab82f9a1bf6a0b3bc0051695e0ffbc2ccdb26b9e47c7c16f744e5f016f66ad9ae0b1894b13c2436c30d059c6a46c8c647d
SSDEEP

12288:5VzGZ8LS5ZZaAcHtMsW8giPv2WzTsgbt/YlyveHlso3nzKClq7gLT:5Vzc8LoqAcGs3Pv2IThRmHlsIjd

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2528-47-0x0000000000400000-0x00000000004EE000-memory.dmp

Files

2528-47-0x0000000000400000-0x00000000004EE000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cSs
Size: 694KB - Virtual size: 693KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ