General

  • Target

    1604-298-0x0000000000AE0000-0x0000000000AFE000-memory.dmp

  • Size

    120KB

  • MD5

    ab519de9d17d3c9705352c400e320435

  • SHA1

    9ea9bb150cba7d4cf4f31f6d6ee28b894f9932ba

  • SHA256

    6b7326f9e1e5eb892756192fb69b20c754b180540edefec85cc3c8c3a5fdc616

  • SHA512

    904f2aa80e94a83b5f82c59ac71ed450873eb358920427869e585dce309418c643ab0ae0447cc9ddf3ef8d36b4f49174ae325c4a1efdca7ebf73c7e8725a42a5

  • SSDEEP

    1536:Yqskoqu3lbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed2atmulgS6pGl:2t1FYH+zi0ZbYe1g0ujyzdeG
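The Target name encodes the process ID and the dumped virtual address range, which is how the 120KB figure above can be cross-checked. The following is an added example, not part of the sandbox report, that parses that naming scheme, verifies the region size against the reported value, and compares a retrieved sample against the four hashlib-computable digests listed (ssdeep is not in hashlib). It assumes the second numeric field is a per-process dump sequence number, which is an assumption about the naming convention rather than something the report states; the sample bytes at the bottom are a constructed placeholder, since the dump itself is not on this page.

```python
import hashlib
import re
from dataclasses import dataclass

# Naming scheme of the Target field as seen in this report:
#   <pid>-<n>-0x<start>-0x<end>-memory.dmp
# Assumption: <n> is a per-process dump sequence number; the report does not
# say what it is, so nothing below depends on its meaning.
DUMP_NAME = re.compile(
    r"^(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    seq: int
    start: int   # first byte of the dumped virtual address range
    end: int     # one past the last byte

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> DumpRegion:
    """Split a Triage-style dump file name into PID, sequence and address range."""
    m = DUMP_NAME.match(name)
    if m is None:
        raise ValueError(f"not a recognised memory-dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"region end {end:#x} is not above start {start:#x}")
    return DumpRegion(int(m["pid"]), int(m["seq"]), start, end)


def size_matches_report(region: DumpRegion, reported_kb: int) -> bool:
    """True when the address range is exactly the size the report lists (KiB)."""
    return region.size == reported_kb * 1024


def hashes_of(data: bytes) -> dict[str, str]:
    """Compute the four digests the report lists that hashlib supports."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: dict[str, str]) -> set[str]:
    """Names of the digests in `expected` that do not match `data`."""
    actual = hashes_of(data)
    return {alg for alg, digest in expected.items()
            if actual.get(alg, "").lower() != digest.lower()}


if __name__ == "__main__":
    region = parse_dump_name("1604-298-0x0000000000AE0000-0x0000000000AFE000-memory.dmp")
    print(f"pid={region.pid} range={region.start:#x}-{region.end:#x} size={region.size} bytes")
    print("size matches 120KB:", size_matches_report(region, 120))
    # Constructed stand-in for the real sample, which is not on this page.
    sample = b"constructed placeholder bytes"
    print("mismatches against own hashes:", hash_mismatches(sample, hashes_of(sample)))
```

For this report the range 0xAE0000-0xAFE000 is 0x1E000 bytes, which is exactly 120 KiB, so the Size field and the Target name agree.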

Malware Config

Extracted

  • Family

    redline

  • Botnet

    pixelscloud2.0

  • C2

    85.209.176.128:80

Signatures

  • RedLine payload (1 IoC)
  • RedLine family
  • SectopRAT payload (1 IoC)
  • SectopRAT family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
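The "Unsigned PE" signature is a header-level check: does the image advertise an Authenticode certificate table (data directory entry 4)? The following is an added example, not code from the sandbox, that performs that check in pure Python on a minimal PE image constructed inline; it assumes nothing about the real dump beyond the standard PE32/PE32+ layout. One caveat a practitioner should keep in mind: the certificate table entry holds a raw file offset into the overlay, and the overlay is never mapped into the process, so a region dumped from memory can at most show a populated directory entry, never the certificate bytes themselves.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # certificate table slot in the data directory
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(image: bytes) -> tuple[int, int]:
    """Return (file offset, size) of the certificate table, or (0, 0) if absent.

    Unlike the other data directories, this entry is a raw file offset, not an
    RVA: the WIN_CERTIFICATE blob lives in the file overlay and is not mapped.
    """
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    size_of_opt = struct.unpack_from("<H", image, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic == PE32_MAGIC:
        dirs = opt + 96        # data directories start after the PE32 fields
    elif magic == PE32PLUS_MAGIC:
        dirs = opt + 112       # PE32+ has 8-byte ImageBase/stack/heap fields
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", image, dirs - 4)[0]      # NumberOfRvaAndSizes
    entry = dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_opt:
        return (0, 0)
    offset, size = struct.unpack_from("<II", image, entry)
    return (offset, size)


def is_unsigned(image: bytes) -> bool:
    """True when the header advertises no Authenticode certificate table."""
    offset, size = security_directory(image)
    return offset == 0 or size == 0


def build_minimal_pe(security=(0, 0), pe32plus=False) -> bytes:
    """Constructed test image: DOS stub, PE signature, COFF + optional header only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    opt_size = 0xF0 if pe32plus else 0xE0
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,       # Machine
                       0, 0, 0, 0,                          # sections, timestamp, symbols
                       opt_size, 0x0102)                    # SizeOfOptionalHeader, Characteristics
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    dirs = 112 if pe32plus else 96
    struct.pack_into("<I", opt, dirs - 4, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, img in (("unsigned", build_minimal_pe()),
                       ("signed", build_minimal_pe(security=(0x1000, 0x800)))):
        print(label, security_directory(img), "unsigned:", is_unsigned(img))
```

Run it against a dumped region exactly as against a file: the check only reads the headers, so it works on the memory dump above, but a populated entry says nothing about whether the signature was valid, which would require the overlay bytes and a full Authenticode verification.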

Files

  • 1604-298-0x0000000000AE0000-0x0000000000AFE000-memory.dmp
    .exe windows:4 windows x86

