General

  • Target: 1628-138-0x0000000000400000-0x0000000000426000-memory.dmp
  • Size: 152KB
  • MD5: c8ee92166720c743894bd352911c2022
  • SHA1: dbb58e0c9280a368401732691e2e0a77a2bfe544
  • SHA256: 936bf750d50c5b7a7dc5861108aea272209ffc0b24b52e826f5df825201fcc5d
  • SHA512: 8df19c5a6ea2046f624fac45deacf5313b6c5168b6b8cc1f57f295c7ca29e85889af11da86d67c4861e301332d871a9426d906020d74b3609f63a324937425e1
  • SSDEEP: 1536:PaLcnVHT1C/oHxsJQ4+fe0koZFu/OYmtihZjaAbV79/dweNKsYgibfbFDKsRp:SLcZZVoq20kuurmk0QLVwGYgafJlp

Malware Config

Extracted

  • Family: redline
  • Botnet: @anatoshascam - 05
  • C2: 5.42.64.70:45663
  • Attributes
    • auth_value: 2b15d48e920aee4d52db40eed695b7c3

Signatures

  • Redline family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1628-138-0x0000000000400000-0x0000000000426000-memory.dmp (.exe, windows, x86)