General

  • Target

    5980-509-0x00000000005B0000-0x00000000005EE000-memory.dmp

  • Size

    248KB

  • MD5

    6de5e6bff4e5e101035e5b4cfbd1498f

  • SHA1

    26225168b0e35cb1556754344151be97e52e10ea

  • SHA256

    dcea8db43dc9acf31dcf0356a72d49cd0e6f173125bb1efbc34fb795d101c1ff

  • SHA512

    a8bdfbf78709e21a87ebb2c4607d5790bbbf608d3f125218f697caae0e8a0a0085a04eafe79da8fed75e5f542f0cc1c8f3625bed58e62406491839f1cecbf0e7

  • SSDEEP

    3072:KJctOPGO2n1NgcU6YW8qu7SHBFt/qLdVPMxX/jEIgcRZ:kDPGv1NgcUVWCuHF/CXPMxXLEfc

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

@ytlogsbot

C2

176.123.4.46:33783

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
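The "Unsigned PE" signature above keys on the PE optional header: an image with no Authenticode signature has a zero IMAGE_DIRECTORY_ENTRY_SECURITY slot (data directory index 4). The following is an added example, not code from the sandbox that produced this report; it parses only the DOS, COFF and optional headers with the standard library and builds its own header-only sample image (constructed, not a real binary) so it runs offline. The function and sample names are mine.

```python
"""Check whether a PE image carries an Authenticode signature entry.

Added example, not part of the sandbox report. It walks the DOS header,
PE signature, COFF header and optional header just far enough to read
the security data directory (index 4). A zero entry means no embedded
signature, which is what an "Unsigned PE" signature keys on.
"""
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
SECURITY_DIR_INDEX = 4
MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "arm", 0xAA64: "arm64"}


def pe_signature_info(data: bytes) -> dict:
    """Return machine, bitness and the security directory (offset, size).

    The security directory's first field is a file offset (not an RVA)
    into the overlay, so on a memory dump only the entry itself survives.
    """
    if data[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsec, _ts, _symtab, _nsyms, _opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        nrva_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        nrva_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (nrva,) = struct.unpack_from("<I", data, nrva_off)
    if nrva <= SECURITY_DIR_INDEX:
        sec_off, sec_size = 0, 0  # directory table too short to hold the slot
    else:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * SECURITY_DIR_INDEX)
    return {
        "machine": MACHINE_NAMES.get(machine, f"{machine:#x}"),
        "bits": 32 if magic == PE32_MAGIC else 64,
        "security_offset": sec_off,
        "security_size": sec_size,
        "signed": sec_off != 0 and sec_size != 0,
    }


def build_minimal_pe(security_entry=(0, 0), magic=PE32_MAGIC, machine=0x14C) -> bytes:
    """Constructed sample: a header-only PE image with no sections or code.

    Only the fields pe_signature_info reads are populated; everything else
    is zero. This is test input, not a real executable.
    """
    dos = bytearray(0x40)
    dos[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature at 0x40
    fixed_len = 90 if magic == PE32_MAGIC else 106  # bytes between Magic and NumberOfRvaAndSizes
    fixed = struct.pack("<H", magic) + bytes(fixed_len)
    dirs = [(0, 0)] * 16
    dirs[SECURITY_DIR_INDEX] = security_entry
    dir_bytes = b"".join(struct.pack("<II", va, sz) for va, sz in dirs)
    opt = fixed + struct.pack("<I", 16) + dir_bytes
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0)
    return bytes(dos) + IMAGE_NT_SIGNATURE + coff + opt


if __name__ == "__main__":
    for label, entry in (("unsigned", (0, 0)), ("signed", (0x1000, 0x800))):
        print(label, pe_signature_info(build_minimal_pe(entry)))
```

Two caveats when applying this to a target like the one in this report. First, the Authenticode blob lives in the file overlay and is not mapped by the loader, so a process memory dump can at best show a non-zero directory entry; the certificate itself, and any chance of verifying it, is only on the on-disk sample. Second, a missing signature is weak evidence on its own (most malware and plenty of legitimate tooling is unsigned), which is why it appears here as a supporting indicator next to the extracted RedLine config rather than as the verdict.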

Files

  • 5980-509-0x00000000005B0000-0x00000000005EE000-memory.dmp
    .exe windows:4 windows x86