General

  • Target: 5620-696-0x00000000005A0000-0x00000000005DE000-memory.dmp
  • Size: 248KB
  • MD5: 6b2f596238f1d20b33e59de0372ce994
  • SHA1: 9fd619db612f887744813176f1a2e3382fd8c0e1
  • SHA256: 27e7dd4569555af59d31ad3a531ec420aab9e59bf49fea5c3d4adebfb94d2d37
  • SHA512: 29d40a41e4f3b66278472ceb0cdb80d3536149403992a545751c0667c6b9f4ddd9926ea8bde2e39d580d198e1eb2be70bf9430bd154072c57880585077d4743d
  • SSDEEP: 3072:KEjJpWunbNgcc+fw1nRKlnwT84Zhct/qR8NbtS6GbmhmadC:KGTWubNgcc+I1nRKlwTQ/PNbtS7Khma

Score: 10/10

Malware Config

Extracted

  • Family: redline
  • Botnet: @ytlogsbot
  • C2: 185.216.70.238:37515

Signatures

  • RedLine payload (1 IoC)
  • Redline family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 5620-696-0x00000000005A0000-0x00000000005DE000-memory.dmp
    .exe windows:4 windows x86
