General

  • Target

    5784-489-0x0000000000340000-0x000000000037E000-memory.dmp

  • Size

    248KB

  • MD5

    fd67fcbbb294891e072274c6980ad2b8

  • SHA1

    cf486d0d33e3f1663d5bb385858350b8b3dc9593

  • SHA256

    8e7060ff3e1d1e4856e4392df0a3bf04da5bc8a782aca850e2e5f7b8f563f230

  • SHA512

    0c0c7319f047cf5f40f86a76bb32e3c4063ac5f7ca358e85a89620b694156a6934ee50fb743b4d4f1b513c8e1ea5a2dc4ce39e7987302e9f1471211675211d98

  • SSDEEP

    3072:ZJctOPGO2n1NgcU6YW8qu7SHBFt/qLdVPMxX/jEIgcRQ:3DPGv1NgcUVWCuHF/CXPMxXLEfc

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

@ytlogsbot

C2

176.123.4.46:33783

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5784-489-0x0000000000340000-0x000000000037E000-memory.dmp
    .exe windows:4 windows x86