General

  • Target

    4872-1354-0x00000000001C0000-0x00000000001FE000-memory.dmp

  • Size

    248KB

  • MD5

    5b9cca6e1cb46f8d06a2e8e837da6cae

  • SHA1

    674a3ad15823af54bf098b77e6a8b2452abb795a

  • SHA256

    e2baca180a6559fd53e3addbb45944177900e741f577bf2a7a5aa7c9c8037753

  • SHA512

    699191106420936874cea69630d02cc10476e60a473feaafcb19ecea34e113cd16db39134e3de0f2e5cc7fcbfe1a99d595dcf48a1138945553dc169cf04f5788

  • SSDEEP

    3072:Ning4InXNgcy9Wy3aPGcntCTt/qhGFlvDYLXZiTtzv:Og/XNgcWr3aPu/5FlvDYLpqt

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

@ytlogsbot

C2

194.169.175.235:42691
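The extracted C2 endpoint above is the most directly actionable indicator on this page. As an added example (not part of the sandbox report or of the RedLine tooling), the script below runs that indicator over Zeek `conn.log` lines and reports two tiers of hits: an exact host:port match, and a host-only match for sessions to the same address on another port, which is worth a look because a panel can be re-hosted on a different port while the IP stays the same. The log lines are constructed for the example and are not captured traffic; the column layout follows the standard `conn.log` field order.

```python
import ipaddress

# Indicators taken from the extracted RedLine config on this page.
C2_HOST = "194.169.175.235"
C2_PORT = 42691

# Constructed sample lines in Zeek conn.log column order
# (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto).
# These are made up for the example, not captured traffic.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1700000000.123\tCa1\t10.0.0.5\t49231\t194.169.175.235\t42691\ttcp",
    "1700000001.456\tCa2\t10.0.0.5\t49232\t93.184.216.34\t443\ttcp",
    "1700000002.789\tCa3\t10.0.0.7\t51000\t194.169.175.235\t80\ttcp",
]


def parse_conn_line(line):
    """Parse one conn.log TSV line into a dict; comments and short or
    malformed lines yield None so a bad record never aborts the scan."""
    if line.startswith("#"):
        return None
    f = line.rstrip("\n").split("\t")
    if len(f) < 7:
        return None
    try:
        return {
            "ts": float(f[0]),
            "uid": f[1],
            "orig_h": ipaddress.ip_address(f[2]),
            "orig_p": int(f[3]),
            "resp_h": ipaddress.ip_address(f[4]),
            "resp_p": int(f[5]),
            "proto": f[6],
        }
    except ValueError:
        return None


def classify_connection(rec, host=C2_HOST, port=C2_PORT):
    """'c2_exact' when the responder is host:port, 'c2_host' when only the
    host matches (same server, different port), else None."""
    if rec["resp_h"] != ipaddress.ip_address(host):
        return None
    return "c2_exact" if rec["resp_p"] == port else "c2_host"


def find_c2_connections(lines, host=C2_HOST, port=C2_PORT):
    """Return (uid, source host, responder port, verdict) for every hit."""
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None:
            continue
        verdict = classify_connection(rec, host, port)
        if verdict:
            hits.append((rec["uid"], str(rec["orig_h"]), rec["resp_p"], verdict))
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(hit)
```

Feed it a real `conn.log` with `find_c2_connections(open(path))`; the host-only tier will also surface unrelated traffic if the address is shared hosting, so treat `c2_host` as a lead rather than a verdict.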

Signatures

  • RedLine payload (1 IoC)
  • RedLine family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
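The "Unsigned PE" signature is a structural check: the PE optional header's data directory entry 4 (the Certificate Table) is empty, so there is no Authenticode blob to verify. The following is an added example of that check written from the PE format, not the sandbox's own detection code. It parses the DOS and PE headers, reads entry 4, and distinguishes three outcomes a practitioner should keep apart: no certificate table at all, a table present in the buffer (presence only; chain verification is a separate step), and a header that advertises a table the buffer does not contain. The last case is the normal picture for a module dumped from memory, as the target here is, because the certificate table lives outside any section and is never mapped by the loader. The `build_minimal_pe32` fixture is a constructed header-only PE32 used to exercise the parser offline.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # index of the Certificate Table entry
HEADER_LEN = 0x40 + 4 + 20 + 0xE0           # DOS hdr + "PE\0\0" + COFF + PE32 optional hdr


def security_directory(pe):
    """Return (file_offset, size) of the Certificate Table entry, or None if
    the buffer is not a PE with a readable optional header.

    Unlike the other data directories, the first field of entry 4 is a raw
    file offset, not an RVA.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 4 + 20                 # skip signature and COFF file header
    if len(pe) < opt + 2:
        return None
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                      # PE32
        n_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                    # PE32+
        n_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        return None
    if len(pe) < n_dirs_off + 4:
        return None
    n_dirs = struct.unpack_from("<I", pe, n_dirs_off)[0]
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or len(pe) < entry + 8:
        return (0, 0)                       # directory absent: no certificate table
    return struct.unpack_from("<II", pe, entry)


def classify_signature(pe):
    """'unsigned'       no Certificate Table (what the sandbox flags)
       'cert_present'   table lies inside the buffer (presence only, unverified)
       'cert_truncated' header advertises a table the buffer does not contain;
                        expected for a module dumped from memory, since the
                        signature overlay is not mapped by the loader
       'not_pe'         no parsable PE header"""
    entry = security_directory(pe)
    if entry is None:
        return "not_pe"
    offset, size = entry
    if size == 0:
        return "unsigned"
    if offset + size > len(pe):
        return "cert_truncated"
    return "cert_present"


def build_minimal_pe32(cert_blob=b"", advertise_only=False):
    """Constructed test fixture: a header-only PE32 with no sections. With a
    cert_blob, entry 4 points just past the headers; advertise_only leaves
    the blob off to imitate a memory dump."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)  # i386, 224-byte opt hdr
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    size = len(cert_blob)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     HEADER_LEN if size else 0, size)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    return image if advertise_only else image + cert_blob


if __name__ == "__main__":
    if len(sys.argv) > 1:                   # e.g. the report's memory.dmp
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], classify_signature(f.read()))
    else:
        fake_cert = b"\x00" * 8             # placeholder bytes, not a real WIN_CERTIFICATE
        print("plain     ", classify_signature(build_minimal_pe32()))
        print("with table", classify_signature(build_minimal_pe32(fake_cert)))
        print("dumped    ", classify_signature(build_minimal_pe32(fake_cert, True)))
```

Run it with the dump path to reproduce the signature's "unsigned" finding; `cert_present` only says a table exists, and a real trust decision still needs the WIN_CERTIFICATE parsed and the chain checked against the image hash.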

Files

  • 4872-1354-0x00000000001C0000-0x00000000001FE000-memory.dmp
    .exe windows:4 windows x86
