General

  • Target

    6000-487-0x0000000000350000-0x0000000000380000-memory.dmp

  • Size

    192KB

  • MD5

    ca300cf41fa9180c74acd52c61b6b683

  • SHA1

    32db3e9bc8e170bfa19b42c3977aa8b6bdd1fcf2

  • SHA256

    7d70c1eb853437813efea420241a6f90ab2169af582cc47b86b709086c2b2d1c

  • SHA512

    7ce5a54083ac5b36299df7b7f4ff5cc0bca93110422f31cb63391004566d867913c0228fd3498025d0a5f17c8c4423f6a36fe1e9d08db670bc33e2d9d5fb78d7

  • SSDEEP

    3072:t1rfs5//I0bmCKugObCKR4eSwbD1J19cgrE0ML2Oam82Jq8e8hU:brk/I0bmzulrE0U2E82Q

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

@ytlogsbot

C2

176.123.4.46:33783

Attributes

  • auth_value

    295b226f1b63bcd55148625381b27b19

Signatures

  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 6000-487-0x0000000000350000-0x0000000000380000-memory.dmp
    .exe windows:4 windows x86