redline | 3024-41-0x0000000000DA0000-0x0000000001174000-memory[.]dmp | Triage

Sharing

General

Target

3024-41-0x0000000000DA0000-0x0000000001174000-memory.dmp
Size

3.8MB
MD5

6b71fdd8f1f9038328a59a3add0d2ef1
SHA1

44332545b7142fb020553dc8d6e01d6bdf5be4fc
SHA256

3c87b34647d231b32d8857ecf8878b402990014931cc2c44596a1a00793e8662
SHA512

6e3478c75a90016985959cdedb76af1618f521c3c52da9b23890fccde65591dfb7880c182f426edc0cb4dc86ae3856d1affa6d4ae7c60381eb284a51442f60cb
SSDEEP

98304:a0P6oiUwKDrZIgCyILFGjPtHIaH83kT1:a0lIBtFq1H78E

Score

10^/10

bild1 redline

Malware Config

Extracted

Family

redline

Botnet

bild1

C2

193.233.132.169:37732

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
3024-41-0x0000000000DA0000-0x0000000001174000-memory.dmp

Files

3024-41-0x0000000000DA0000-0x0000000001174000-memory.dmp
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ