General

  • Target

    2912-1179-0x00000000000D0000-0x00000000000EE000-memory.dmp

  • Size

    120KB

  • MD5

    af383f798c4f7f496f6c019b1b26627f

  • SHA1

    ad56729eb63a0c8e56a2c3ca317027a107467b65

  • SHA256

    1b2322aea8a5a4a6f2f4683d6829e996074c0e1ca8241e80ced17413fd68990c

  • SHA512

    3a732a82376b0d2c554fbd98ee3403d6cce03c007753cb2cc4cbbad024bd822746536bfee148e02f079078eb9f91f7a0312ce2af11cb8aedcbb9b9d113ad2c01

  • SSDEEP

    1536:mqskaq+A/lbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2kteulgS6pzl:U7ZeYP+zi0ZbYe1g0ujyzd0z

Malware Config

Extracted

Family

redline

Botnet

pixelscloud

C2

85.209.176.171:80

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2912-1179-0x00000000000D0000-0x00000000000EE000-memory.dmp
    .exe windows:4 windows x86
