General

  • Target

    1324-0-0x0000000000020000-0x000000000003E000-memory.dmp

  • Size

    120KB

  • MD5

    709d9b7e03ac991646c6c14cfd9c7f11

  • SHA1

    9ffbe5399f050f3bb756f17e59a27e7e74311410

  • SHA256

    1a2ddfaa489cf94ff9f5277751a82e0fa1dde5c7a3e9ec1c17db14614c195620

  • SHA512

    8830e5fd57fed1166f8e73f201958ed390acf260e43b30705f1ae9cb1040b48773eb714a47131f7959c6de5c9fdd85bd9e58063ed4c981c70d5b4c7b5e50b13b

  • SSDEEP

    1536:pqsk1tqzClbG6jejoigIr43Ywzi0Zb78ivombfexv0ujXyyed2H3tmulgS6pe:HwtAyYr+zi0ZbYe1g0ujyzdPe

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

test

C2

89.23.98.105:4483

Signatures

  • RedLine payload (1 IoC)
  • Redline family
  • SectopRAT payload (1 IoC)
  • Sectoprat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1324-0-0x0000000000020000-0x000000000003E000-memory.dmp
    .exe windows x86

