General

  • Target

    5852-485-0x0000000000580000-0x00000000005BE000-memory.dmp

  • Size

    248KB

  • MD5

    86c533f0e01a112c53e1c964a08b05b9

  • SHA1

    c42ca163a22b4850bdfbcc9fcdd361f7069190b7

  • SHA256

    c7cea956374b2eaeab810ff89fa2d1fb39c6ecb00ba2d13a9bdd3b5405520742

  • SHA512

    f937b9e4d6c53858491beb88e7871269037ad2f9df4bba974cd8435bc662d6a19ce91538e9ba3e602a0b3b5e6d3495b395f03dee0e681cb0115bab2f6cc10fff

  • SSDEEP

    3072:tJctOPGO2n1NgcU6YW8qu7SHBFt/qLdVPMxX/jEIgcRU:DDPGv1NgcUVWCuHF/CXPMxXLEfc

Score

10/10

Malware Config

Extracted

Family

redline

Botnet

@ytlogsbot

C2

176.123.4.46:33783

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5852-485-0x0000000000580000-0x00000000005BE000-memory.dmp
    .exe windows:4 windows x86