General

  • Target

    4852-250-0x0000000000400000-0x000000000042A000-memory.dmp

  • Size

    168KB

  • MD5

    1191701a247f8b8c2a851cb43c16e665

  • SHA1

    131f4945f3663556ada274314d1597ef0e0b4899

  • SHA256

    e7a055a8499b19108462c08f158725091980a13543dcf821b21d055761a9bfa5

  • SHA512

    b4019187850e5a0b930c898951ac99ca19a5e48e1bd992b736f2c843847e01973a30d1dbd0b9728d569607e3b19fc341b3d8f48fad4566e0c54c23b7f9d56782

  • SSDEEP

    3072:JV+m5cRQmRSZjGkkXFrSjZ8l9hXZh8e8hJ:JjUbN19hXL

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

jamba

C2

185.161.248.75:4132

Attributes
  • auth_value

    b01bf275593de07ba204560db44b861a

Signatures

  • Redline family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 4852-250-0x0000000000400000-0x000000000042A000-memory.dmp
    .exe windows x86