General

  • Target

    1652-242-0x00000000010A0000-0x00000000010CA000-memory.dmp

  • Size

    168KB

  • MD5

    3a4c2444352eb0d009c14bf252040b81

  • SHA1

    78eb6d3febb8a330b25c386e02f2d62239035f53

  • SHA256

    d4736d4ca10ea8c434c3bc9eba21329e3943f51298f3cb10890ebb13d79131f4

  • SHA512

    35303fddde978b83aa9606da5024dff3f557cf9ec3bdf167c0d130586e4822eb09975083018d1785bafddfe964a1741c891ef14981ea58049e1fabdf816524ab

  • SSDEEP

    3072:HV+m5c9QmRSRN8YNkMaJScaqhKZy8e8h4:HjA9BMrqhKo

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

dama

C2

185.161.248.25:4132

Attributes
  • auth_value

    d8b2637e0546aea3944c251022b63e77

Signatures

  • Redline family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
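The "Unsigned PE" signature boils down to one header check: whether the PE's Security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4, which holds a file offset rather than an RVA) points at a non-empty WIN_CERTIFICATE blob. The following is an added example, not code from the sandbox or the report, that performs that check on raw PE bytes for both PE32 and PE32+ layouts. The sample images it runs on are constructed inline with a hypothetical `build_minimal_pe32` helper; they are not the analysed memory dump.

```python
"""Check whether a PE image carries an Authenticode signature blob.

Added example (not part of the sandbox report). It implements the check the
"Unsigned PE" signature describes: is the Security data directory populated?
All sample bytes are constructed here; nothing is read from the real dump.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def security_directory(pe: bytes):
    """Return (file_offset, size) of the Security directory, or None if the
    optional header does not carry that entry at all."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    # NumberOfRvaAndSizes and the directory table sit at different offsets
    # in PE32 (32-bit ImageBase etc.) and PE32+ (64-bit fields).
    if magic == PE32_MAGIC:
        num_rva_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        num_rva_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_rva = struct.unpack_from("<I", pe, num_rva_off)[0]
    if num_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_of_optional or entry + 8 > len(pe):
        return None  # truncated or lying header: treat as absent
    offset, size = struct.unpack_from("<II", pe, entry)
    return (offset, size)


def is_authenticode_signed(pe: bytes) -> bool:
    """True when a certificate table is present; this does NOT verify it."""
    d = security_directory(pe)
    return d is not None and d[1] != 0


def build_minimal_pe32(security_offset: int = 0, security_size: int = 0) -> bytes:
    """Hypothetical helper: build a header-only PE32 image (constructed test
    data) with the Security directory set to the given offset/size."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> 0x40
    # COFF header: i386, 0 sections, SizeOfOptionalHeader = 224 (PE32)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     security_offset, security_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, sample in (("unsigned", build_minimal_pe32()),
                          ("signed", build_minimal_pe32(0x400, 0x1000))):
        print(label, is_authenticode_signed(sample))
```

A populated directory only proves a certificate table exists; whether the signature chains to a trusted root and still covers the file is a separate step (signtool verify, osslsigncode verify, or pefile plus a PKCS#7 parser). For a region carved from process memory, as here, also expect the table's file offset to be meaningless even when present, since the dump is not the on-disk image.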

Files

  • 1652-242-0x00000000010A0000-0x00000000010CA000-memory.dmp
    .exe windows x86
