General

  • Target

    5348-508-0x0000000000950000-0x000000000098E000-memory.dmp

  • Size

    248KB

  • MD5

    642a41364881dbccbcd776d9351ab2ff

  • SHA1

    b7b4f9bc290b617238fe5a8023bb819190cb4176

  • SHA256

    96f6c19e52627436d0d66651e20b41b1599698ff5f7558bce85995dc9e6b0e16

  • SHA512

    1c0f7936be619ce0732abfc0eae7a7812271c7003731ef80223ddb3ec6385dccb37aef2379191e1832f8068a707e4106d715c039c1520174cf789667d40c6843

  • SSDEEP

    3072:wJctOPGO2n1NgcU6YW8qu7SHBFt/qLdVPMxX/jEIgcR7:GDPGv1NgcUVWCuHF/CXPMxXLEfc

Score

10/10

Malware Config

Extracted

Family

redline

Botnet

@ytlogsbot

C2

176.123.4.46:33783

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5348-508-0x0000000000950000-0x000000000098E000-memory.dmp
    .exe windows:4 windows x86
