General

  • Target

    848-158-0x0000000000400000-0x000000000042A000-memory.dmp

  • Size

    168KB

  • MD5

    f6386a3832e872bdeffe454b517e42c9

  • SHA1

    182611773db8d6a4325b4c679a2ea6f473a2bfed

  • SHA256

    75731e456fa37d6c6cbf74a882eda8c396d487caf2cd4e1351b26d620b3aabbd

  • SHA512

    f1c1550f634922b54d4588524ebd6fdc7c9f781de579997d6489a7b4776b84a792193bb54adc0bf1d6728fff36c56d8314e3c820fc2e52a268b2e2b63af91add

  • SSDEEP

    3072:bV+m5cRQmRSZjGkkXFrSjZ8l9hXZh8e8hJ:bjUbN19hXL

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

jamba

C2

185.161.248.75:4132

Attributes
  • auth_value

    b01bf275593de07ba204560db44b861a

Signatures

  • Redline family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 848-158-0x0000000000400000-0x000000000042A000-memory.dmp
    .exe windows x86