redline | 4900-2-0x0000000000AB0000-0x0000000000B2EFAE-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4900-2-0x0000000000AB0000-0x0000000000B2EFAE-memory.dmp
Size

507KB
MD5

34195eb265a31342b402ec185cc75198
SHA1

9659b7cbec93f82008965a42fde90e2f175ab97a
SHA256

481634b783f4d622e261bac2bea4189d9778d251043cb16c4daaf0a7e6657d46
SHA512

54646e310f66e559f9bfe15c7941ce5997ee3b8845b972705477f7aae53a1832fe58767642ed19e7f3f3577974bde844dc60f7a384570dfa6fa1278466473631
SSDEEP

6144:ISGctDwCFw/2DooLUzqY6iFawP4A1X3TAkA6xkcZqf7DInL1InHo:IzctDxfyJawPb1X3A6xkcUzsnwHo

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4900-2-0x0000000000AB0000-0x0000000000B2EFAE-memory.dmp

Files

4900-2-0x0000000000AB0000-0x0000000000B2EFAE-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.DAX
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Left
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.INV
Size: 55KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE