General

  • Target

    2596-688-0x00000000012F0000-0x000000000132E000-memory.dmp

  • Size

    248KB

  • MD5

    54da7bb9b40a3caab4be1c2f35792681

  • SHA1

    640c19417c275358d45ecb29c5e66d2a8b30fc98

  • SHA256

    b07fec9262916837162fbaad12bdfe7acaa1c3f9113842d6443f4862cf077a0b

  • SHA512

    7170e13841c0ee2feee10589d94d312698093273446e407865d7f907129da1bdeb495cfee11d51171181e70d0bf548e3ea00fa746a1c5919fb16c43a78160873

  • SSDEEP

    3072:RtJXRMeZYncNgckxQdxCr1d2t/q5yoQVZL53pRzzXZQAR:RJMeucNgckedxCDo/doQVZdZRzzXZQ

Score
10/10

Malware Config

Extracted

  • Family

    redline

  • Botnet

    kukish

  • C2

    77.91.124.55:19071

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2596-688-0x00000000012F0000-0x000000000132E000-memory.dmp
    .exe windows:4 windows x86

