General

  • Target

    2692-248-0x0000000000CA0000-0x0000000000CBE000-memory.dmp

  • Size

    120KB

  • MD5

    b979a83987666ca92f568e6a8f70e2f2

  • SHA1

    4f22b351bcfce0955c18100978c78b3a1f9b3c9b

  • SHA256

    7b3324cb1a2fbe1ca00aeb90b7ea44b51d602f24cb48460fed4007e4c67261b0

  • SHA512

    4a94293828e27096f5d45f62e6a5652ef35cd6886585ea504a26ad19378a1fbc84a4c396ec495b5b06929e763eda474818be3ee9dc70521ee29427ca4a890158

  • SSDEEP

    1536:dqskoqu3lbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed2atmulgS6pKl:Lt1FYH+zi0ZbYe1g0ujyzdeK

Malware Config

Extracted

  • Family

    redline

  • Botnet

    pixelscloud2.0

  • C2

    85.209.176.128:80

Signatures

  • RedLine payload (1 IoC)
  • Redline family
  • SectopRAT payload (1 IoC)
  • Sectoprat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2692-248-0x0000000000CA0000-0x0000000000CBE000-memory.dmp
    .exe windows:4 windows x86
