redline | 1764-1-0x0000000000E00000-0x0000000001182000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1764-1-0x0000000000E00000-0x0000000001182000-memory.dmp
Size

3.5MB
MD5

c1bf4ed4e2b33fc387350c7f11dcc9db
SHA1

0f4ce8a340989235e2a6e62f6bfd49a5abf6f789
SHA256

92c19a5a094a0555b3ca8811af30e58bb14d1ca5aafd213099107292c91719dc
SHA512

ff4e296fbb6483775cd2032f9c91b85d4e114d01462a88d3a58371690f619292243419cbabcb0437d1be8c981128c1951acff4adc5e919f54335a631835a57f3
SSDEEP

49152:pbNwemY+22boTeIH5TKE1qaXyrpV/daIoR9tHWMDhH4M7y:p5tmO8XI1KEIaXyrpVkhWMD2Mu

Score

10^/10

test redline

Malware Config

Extracted

Family

redline

Botnet

TEST

C2

185.172.129.234:34244

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1764-1-0x0000000000E00000-0x0000000001182000-memory.dmp

Files

1764-1-0x0000000000E00000-0x0000000001182000-memory.dmp
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ