General

  • Target

    4224-229-0x0000000000400000-0x000000000042A000-memory.dmp

  • Size

    168KB

  • MD5

    eb47a400358eaa006a60e70b1ab80bf8

  • SHA1

    a71431a7ac52065a054f1dbdeaf964bb5253467d

  • SHA256

    c61d281511fae436311473566b39c91f3674e26ff1e8e9bd1c3632995a47f8b6

  • SHA512

    c84149a0955a799169179ae980b9fb8d2b09c2f244b170af5cfeba743dfdbd9ca1d171c915f63ff983777a0174c21ae76352e32cff22d9e1cdf53b035e4598ac

  • SSDEEP

    1536:L2BGlTP+mZP61WEYDmRSZDgQsaZJaITcTQuwQfojQl1buP+vstJ0wuei/rv+R+u9:5V+m5cRQmRSZPoJQkPDktJhwZu8e8hK

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

gogen

C2

185.161.248.75:4132

Attributes
  • auth_value

    dfb27ce11afd52277523c8e405853d53

Signatures

  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4224-229-0x0000000000400000-0x000000000042A000-memory.dmp
    .exe windows x86
    Headers

    Sections