General

  • Target

    1252-258-0x00000000001C0000-0x00000000001DE000-memory.dmp

  • Size

    120KB

  • MD5

    07da141d9f5e69187e1ef9a7abff1abc

  • SHA1

    c287e5bb6d280f78b4b80a98cdfdd06dc03dc9ff

  • SHA256

    0801145cc51e910da708be872e9b76e69a52e040d5ff24b1b28df0809ca2db66

  • SHA512

    976e70d43bf0dade0f47f81ec5c97cce16f62ddfaaf795b944e5058d39a4eb68accdf94003d8715612c0e98201fd198a48f180c5de2666e03a01287e9880af81

  • SSDEEP

    3072:f3HcjBPe7NerE+CrFkDSuOkZDcXiqEqVRI:feGKDRAX1

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

5141679758_99

C2

https://pastebin.com/raw/8baCJyMF

Signatures

  • Redline family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1252-258-0x00000000001C0000-0x00000000001DE000-memory.dmp
    .exe windows:4 windows x86