General

  • Target

    3020-55-0x0000000000230000-0x0000000000260000-memory.dmp

  • Size

    192KB

  • MD5

    facbd0c8024129546f6bda9599b94939

  • SHA1

    da75eb4369ffa2f3c82994d4b1ab089e047c7351

  • SHA256

    13fe9ec4044cd47cd88ff09f70dc714da8b27727d68d77006349a9f11ff9d6d3

  • SHA512

    41cd34db6c5a17951a3cf019864d27296d353da2d3629d86e6fe18ef6cfbf03a5c34fe72f2004de188df17fa63cb64c7e1b545e88ea1e7efea749eeea6b10468

  • SSDEEP

    3072:dXEGvROVWgOC8FUTxNaeyHf1kaix06+8e8hh:drOHOnq+Tqaix06+

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

cosmic

C2

157.254.164.98:28449

Attributes
  • auth_value

    9f9c761accf7c4a50557f877f5248584

Signatures

  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3020-55-0x0000000000230000-0x0000000000260000-memory.dmp
    .exe windows x86

