General

  • Target

    2664-251-0x0000000000180000-0x000000000019E000-memory.dmp

  • Size

    120KB

  • MD5

    d36f4fa93ec208a3499087c3debb2a0b

  • SHA1

    1a89c52dcc561b783fdae19bcc930f9f539dc7bd

  • SHA256

    bbb71c7efc11a0555a518886ae249e9318897e4cf35b5efce001fcb5c1f8c212

  • SHA512

    031f9f5596fff5baca307c16062331cd617f0fdcf2aea574f5c7679a20e7dce84b4be676c9a49d738da652a2e60a8f99c7aa532daf87afe3b09159026cdd417c

  • SSDEEP

    1536:Vqskoqu3lbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed2atmulgS6pwl:Tt1FYH+zi0ZbYe1g0ujyzdew

Malware Config

Extracted

  • Family

    redline

  • Botnet

    pixelscloud2.0

  • C2

    85.209.176.128:80

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2664-251-0x0000000000180000-0x000000000019E000-memory.dmp
    .exe windows:4 windows x86