General

  • Target

    2528-132-0x0000000000400000-0x000000000041E000-memory.dmp

  • Size

    120KB

  • MD5

    ed1a310ba580582d4e262853992b2578

  • SHA1

    7bf2f738662fa59d2a46fb1b142d1c3362a5f95d

  • SHA256

    cd4473da378d7530445302b5010706e119c9517c664a7463779749be580c73f0

  • SHA512

    42d71ca85b9a0f450f89b9fc8ee0a193c4fe7c947bba763d213feac8a24d2f47fa369bb1377ef2db9ce8f3fda8106fd921b110aa56c5b1ea93590c2adf3bfb63

  • SSDEEP

    1536:Bqs+FRcqWClbG6jejoigI743Ywzi0Zb78ivombfexv0ujXyyed2ttmulgS6pUl:veRclyY7+zi0ZbYe1g0ujyzd1U

Malware Config

Extracted

Family

redline

Botnet

Invoice2100

C2

45.12.253.208:3030
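The extracted config above is only useful once it is turned into something that can be run against telemetry. The block below is an added example, not part of the sandbox report and not RedLine's own code: it takes the C2 endpoint from the Malware Config section, scans constructed Zeek-style conn.log lines (the sample lines, uids and private source addresses are made up for this example) for exact ip:port hits and weaker same-host hits, and renders a Suricata rule for the endpoint. The sid value is a placeholder in the local-use range, and the protocol is assumed to be TCP because the report does not state it.

```python
"""Hunt for the RedLine C2 from this report in connection logs and emit an IDS rule.
Indicator comes from the report's Malware Config; the log lines are constructed."""

# Extracted config as listed in the report: one C2 endpoint for botnet "Invoice2100".
REDLINE_C2 = {"family": "redline", "botnet": "Invoice2100",
              "host": "45.12.253.208", "port": 3030}

# Constructed sample (not real traffic) in a Zeek conn.log column subset:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1700000000.123\tCx1\t10.0.0.5\t49812\t45.12.253.208\t3030\ttcp
1700000001.456\tCx2\t10.0.0.5\t49813\t142.250.74.46\t443\ttcp
1700000002.789\tCx3\t10.0.0.7\t50000\t45.12.253.208\t80\ttcp
"""


def parse_conn_line(line):
    """Split one tab-separated conn.log record into a dict; None if too short."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 7:
        return None
    return {"ts": float(parts[0]), "uid": parts[1],
            "orig_h": parts[2], "orig_p": int(parts[3]),
            "resp_h": parts[4], "resp_p": int(parts[5]), "proto": parts[6]}


def find_c2_hits(log_text, c2=REDLINE_C2):
    """Return [(record, kind)] for connections to the C2 host.

    kind is 'exact' for an ip:port match and 'host-only' when the same IP is
    contacted on a different port.  The latter is weaker evidence (shared
    hosting, port changes) and should be triaged rather than treated as a hit.
    """
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):      # skip Zeek header/comment rows
            continue
        rec = parse_conn_line(line)
        if rec is None:
            continue
        if rec["resp_h"] == c2["host"]:
            kind = "exact" if rec["resp_p"] == c2["port"] else "host-only"
            hits.append((rec, kind))
    return hits


def suricata_rule(c2=REDLINE_C2, sid=1000001):
    """Render a Suricata/Snort rule for the endpoint.

    sid is a placeholder in the local-use range (1000000-1999999); choose one
    that does not collide with your ruleset.  TCP is assumed here.
    """
    return ('alert tcp $HOME_NET any -> %s %d (msg:"%s C2 (botnet %s)"; '
            'flow:to_server; classtype:trojan-activity; sid:%d; rev:1;)'
            % (c2["host"], c2["port"], c2["family"], c2["botnet"], sid))


if __name__ == "__main__":
    for rec, kind in find_c2_hits(SAMPLE_CONN_LOG):
        print(kind, rec["uid"], rec["orig_h"], "->", rec["resp_h"], rec["resp_p"])
    print(suricata_rule())
```

Exact hits are the ones to act on; a host-only hit on a shared address is a prompt to look at what else the source talked to in the same window, not a verdict by itself.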

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
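What the "Unsigned PE" signature actually tests is whether the PE's Security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, the Certificate Table) is populated. The block below is an added example, not the sandbox's own detector: a stdlib-only parser that walks the DOS and NT headers to that directory entry and reports whether a WIN_CERTIFICATE blob is attached. It checks presence only, not validity. The `build_sample_pe` helper fabricates a minimal PE32 image for testing; it is not the memory dump from this report, and its certificate body is filler rather than real PKCS#7 data.

```python
"""Stand-alone check for the 'Unsigned PE' condition: does a PE image carry an
Authenticode blob (IMAGE_DIRECTORY_ENTRY_SECURITY)?  Pure stdlib, no pefile."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4     # index of the Certificate Table directory
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode carries a PKCS#7 SignedData blob


def authenticode_status(data: bytes) -> dict:
    """Report whether the PE in `data` has a populated Security directory.

    This mirrors the presence check only: a populated directory means a
    signature blob is attached, not that it verifies or chains to a trusted
    root.  Verification is a separate step (signtool, osslsigncode, ...).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"has_signature": False, "reason": "not a PE image (no MZ header)"}
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"has_signature": False, "reason": "bad NT signature at e_lfanew"}

    # COFF file header follows 'PE\0\0'; SizeOfOptionalHeader sits at +16 in it.
    (size_of_optional,) = struct.unpack_from("<H", data, e_lfanew + 4 + 16)
    opt = e_lfanew + 24                          # IMAGE_OPTIONAL_HEADER start
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        bits, nrva_off, dirs_off = 32, opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        bits, nrva_off, dirs_off = 64, opt + 108, opt + 112
    else:
        return {"has_signature": False, "reason": "unknown optional header magic 0x%x" % magic}

    (nrva,) = struct.unpack_from("<I", data, nrva_off)
    entry_off = dirs_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    if nrva <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry_off + 8 > opt + size_of_optional:
        return {"has_signature": False, "bits": bits, "reason": "no Security directory entry"}

    # Unlike the other directories, the Security entry holds a raw file offset, not an RVA.
    cert_off, cert_size = struct.unpack_from("<II", data, entry_off)
    if cert_off == 0 or cert_size == 0:
        return {"has_signature": False, "bits": bits, "reason": "Security directory empty: unsigned PE"}
    if cert_size < 8 or cert_off + cert_size > len(data):
        # Typical for a process memory dump: the header survives but the file overlay
        # holding the certificate was never mapped, so presence cannot be established.
        return {"has_signature": False, "bits": bits,
                "reason": "Security directory points outside the image (dump or tampered header)"}

    # WIN_CERTIFICATE header: dwLength, wRevision, wCertificateType, then bCertificate[].
    dw_length, revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
    return {"has_signature": True, "bits": bits, "cert_offset": cert_off,
            "cert_length": dw_length, "revision": revision, "cert_type": cert_type,
            "reason": "WIN_CERTIFICATE present (type 0x%04x); verify separately" % cert_type}


def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 image for testing; not a real binary and not the
    dump from this report.  When `signed`, a dummy WIN_CERTIFICATE is appended as
    an overlay and the Security directory is pointed at it (body is filler)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 0 sections
    opt = bytearray(224)                                            # 96-byte PE32 header + 16 dirs
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    header = dos + b"PE\0\0" + coff
    image = bytearray(header) + opt
    if signed:
        image += b"\0" * (0x200 - len(image))                       # overlay starts at 0x200
        body = b"\x30\x82\x00\x00" + b"\xCC" * 28                    # placeholder, not valid PKCS#7
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
        struct.pack_into("<II", image, len(header) + 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8,
                         0x200, len(cert))
        image += cert
    return bytes(image)


if __name__ == "__main__":
    for flag in (False, True):
        print("signed=%s ->" % flag, authenticode_status(build_sample_pe(flag))["reason"])
```

Two caveats matter when applying this to an artifact like the one on this page. First, the target is a region dumped from a running process, so even a signed original can show an empty or dangling Security directory once it has been unpacked or remapped in memory; the signature is a hint about the image, not proof about the file on disk. Second, a present blob says nothing about trust until the certificate chain and the PE hash are verified.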

Files

  • 2528-132-0x0000000000400000-0x000000000041E000-memory.dmp
    .exe windows x86