General

  • Target

    1648-122-0x0000000000330000-0x0000000000360000-memory.dmp

  • Size

    192KB

  • MD5

    a942ea0c7519f761b0f9966ed1c6a0a7

  • SHA1

    eba9e09389ff8f2e2b325de67618d2b6cad385cc

  • SHA256

    3b28249a3793f9906ed391182b68b71e22b908b10cc555b13dc6ec3bdaf46224

  • SHA512

    fb79caf7b014c99f9c3f9b77149a5ed36a239d6e070c3f8155fac7744047d83864d012ff1acf8cd422ed57fdf7f2f22453aa32e586618161947b79e565339d7f

  • SSDEEP

    3072:OEV5bSQxA6IldyYxN3KVaxLzzUY47228e8h9:OEFAlW8TLzzUY4722

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

novak

C2

77.91.124.49:19073

Attributes
  • auth_value

    31966dcd1c6ca86e6e8b0a259f9d8ffd

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1648-122-0x0000000000330000-0x0000000000360000-memory.dmp
    .exe windows x86
