redline | 320-7-0x0000000000A80000-0x0000000000AFE953-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

320-7-0x0000000000A80000-0x0000000000AFE953-memory.dmp
Size

506KB
MD5

751d54f21cb102b6a02a027d76cc4646
SHA1

d26d0ccba4cacac35c693fcf66ce088b223ed7c7
SHA256

c48837dbad984671514e8896124976161f097c0e80aa0d080aaa6acac5f8eeda
SHA512

2428421d840eeb65a63044579ef8ea3cf540cf4268f904ed60a5360f72aace2794f5be788dbb2d98042eae18c38d1d9331eac22a65d76a15efd1624153468a8b
SSDEEP

6144:KTQeUVQFeI1zQ/k8A5FqY6iFawP4A1X3TAkA6xkcZqf7DInLddPip:beAQFzrJawPb1X3A6xkcUzsn7Pip

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
320-7-0x0000000000A80000-0x0000000000AFE953-memory.dmp

Files

320-7-0x0000000000A80000-0x0000000000AFE953-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Right
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE