General

  • Target

    1168-217-0x0000000003F00000-0x0000000003F34000-memory.dmp

  • Size

    208KB

  • MD5

    8792b2606e2ac880207fed87e838ddde

  • SHA1

    b1016e7a3f65b70eee12cb73672e5f634a934237

  • SHA256

    37b019aef1b6dbf2203d282c0eb757f14b3ac2d8cb9f9a5b3bbcd43596ddc5ab

  • SHA512

    3f6e272abaa887e20fbc15fe323a0bb3cd2d2f80fb9136b6ceead8f11aa2aa0b5329996bff6cb67fec2d10b9f2ec05c2da299fa1e73ee67ad66fec0d53a4898c

  • SSDEEP

    3072:jzhrmtU/f3YIInGpDvw/1oPYqSaVXr2nhK9w4hxwaD8d8e8hl:5rmtU/gIInG6oAqBVXrmhKZ5e

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.83.170.21:19447

Attributes
  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Signatures

  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1168-217-0x0000000003F00000-0x0000000003F34000-memory.dmp
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections