General

  • Target

    2288-25-0x0000000000D80000-0x0000000001534000-memory.dmp

  • Size

    7.7MB

  • MD5

    6997c56e6eb3f8aa08b92b924319ffa2

  • SHA1

    215c49151ccf33ba5e63bc3636a0e4bbd2a630a0

  • SHA256

    62e01eb87a69c75f4bfc3244368c235ee2247918636ea00501ba2c66646464a4

  • SHA512

    d7ed8691e705dec46e0182599696f84f59cd2fbf9d51886d8bd452fe7d907c78a2db4720827611148c3f623647e8b87486dd4f53348b5cc8edff7f0554ad8efa

  • SSDEEP

    196608:wNkxyxdT0TejmijxpY9JVZN9nVYeicFOdEVFv+Yk:ER0Tejm8fY/N/FOKVFve

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

sq1

C2

185.225.74.51:44767

Attributes
  • auth_value

    698af4e4684b19e1acea9a7ebb86fc9b

Signatures

  • Redline family
  • Themida packer (1 IoC)

    Detects Themida, an advanced Windows software protection system.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2288-25-0x0000000000D80000-0x0000000001534000-memory.dmp
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
