Overview

overview

10

Static

static

10

1940-56-0x...ry.exe

windows7-x64

1940-56-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    1940-56-0x0000000000400000-0x000000000042A000-memory.dmp

  • Size

    168KB

  • MD5

    a25d13174630af8cfc78d32c637413ea

  • SHA1

    f79714c0476bf88eb8d9188a9034a48743a0d4bc

  • SHA256

    52dcd55c2999261b859830667aaeb1d203ed6a390727288ab0649b107951a4b3

  • SHA512

    59a15b5e0292089f5cf340063881d997f12e899a0f4a210f075381c6b6ecc15763bab91b2e1e573f0105dd31003e392e7d7c1fc1096e104d93b5e8a41dc25374

  • SSDEEP

    3072:7V+m5c5QmRSJLiruVyrKfhvh1ZS8e8h+:7j8w0Mvh1o

Score
10/10
@cloudcosmicredline

Malware Config

Extracted

Family

redline

Botnet

@CLOUDCOSMIC

C2

157.254.164.98:28449

Attributes
  • auth_value

    c8ced34a15f6ccc97625aee05a0d1951

Signatures

  • Redline family
    redline
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1940-56-0x0000000000400000-0x000000000042A000-memory.dmp
    .exe windows x86


    Headers

    Sections