General

  • Target

    1676-249-0x00000000010E0000-0x00000000010FE000-memory.dmp

  • Size

    120KB

  • MD5

    56d033dfe6bf0d776c3ffad1706e5311

  • SHA1

    d6f83434f89f81ca4b00d5c66e7822c1c8a1c59d

  • SHA256

    4d8ca75d0e3c4885bb67b6737979f0c91c1019188725d3e9332642ef87035146

  • SHA512

    88b46ef130238053a1cd27c7a625fbacba756ab556057afa1f020dd1f08f67a554c5e8ac65e3edb2ccc01a932b45641171a88492c09fead6dd926183cd0f7685

  • SSDEEP

    1536:uqskoqu3lbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed2atmulgS6pjl:Mt1FYH+zi0ZbYe1g0ujyzdej

Malware Config

Extracted

  • Family

    redline

  • Botnet

    pixelscloud2.0

  • C2

    85.209.176.128:80

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1676-249-0x00000000010E0000-0x00000000010FE000-memory.dmp
    .exe windows:4 windows x86