General

  • Target

    1912-1119-0x00000000009A0000-0x00000000009BE000-memory.dmp

  • Size

    120KB

  • MD5

    3ac0185b0d913f86d8aeff1ce9590553

  • SHA1

    1793ec6c0281b05277dad111e94db29d2a62f3ef

  • SHA256

    4bcb5def9f135b29f73f8cc071edab46438391b7f47914013b7cf015c8420611

  • SHA512

    fb379945c1cc39d31ef456aa8a999e5983abc10182e7649503729096654c577fc5c09c8394b841bd02feb47c0b126baab29bf3b93d52e04ce9b36a2516bd7ff7

  • SSDEEP

    1536:Nqskoqu3lbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed2atmulgS6pal:7t1FYH+zi0ZbYe1g0ujyzdea

Malware Config

Extracted

Family

redline

Botnet

pixelscloud2.0

C2

85.209.176.128:80

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1912-1119-0x00000000009A0000-0x00000000009BE000-memory.dmp
    .exe windows:4 windows x86
