General

  • Target

    1284-1149-0x0000000001170000-0x00000000011AE000-memory.dmp

  • Size

    248KB

  • MD5

    cddb453b9531c5205d59df907bc883d0

  • SHA1

    1f2c94876e24f05bb589b67448f46a7e0ee1a7a7

  • SHA256

    e9561abe1ec3437f79d138f74ce8c68e85c4e0bc8ecfebd6a3393104f03c5bb6

  • SHA512

    12255e3aea252bd0b7fd386775127a3b39777c3d0ffa19a82b1f4c30b47089d9ed90d2c35d8d2f10d4c0e320a1f2a133456189dd49e3fe5d677c90edc31f3e63

  • SSDEEP

    3072:itJXRMeZYncNgckxQdxCr1d2t/q5yoQVZL53pRzzXZQAp:iJMeucNgckedxCDo/doQVZdZRzzXZQ

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

kukish

C2

77.91.124.55:19071

Signatures

  • RedLine payload (1 IoC)
  • Redline family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1284-1149-0x0000000001170000-0x00000000011AE000-memory.dmp
    .exe windows:4 windows x86

