General

  • Target

    5920-438-0x0000000000D50000-0x0000000000D8E000-memory.dmp

  • Size

    248KB

  • MD5

    003ced331b96605f86941d826d4e6593

  • SHA1

    ac03f47edd75b7ea8ee271b098951096f08c0cc6

  • SHA256

    2511948d3f59e10f5f88b27161e021574e247d693b5f8584474918bcceecb297

  • SHA512

    1dd1754c46c660bc989ccd01b4f27712abc278aae539dabb9da6328c9ace229d801876cd9d1efa7ae9898a460d05d1a8b3175b430ea5b308c728309549873f2f

  • SSDEEP

    3072:wJctOPGO2n1NgcU6YW8qu7SHBFt/qLdVPMxX/jEIgcR7:GDPGv1NgcUVWCuHF/CXPMxXLEfc

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

@ytlogsbot

C2

176.123.4.46:33783

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5920-438-0x0000000000D50000-0x0000000000D8E000-memory.dmp
    .exe windows:4 windows x86