General

  • Target

    2120-218-0x0000000000380000-0x000000000039E000-memory.dmp

  • Size

    120KB

  • MD5

    cd85feaa18c53bdfff701e614a89a042

  • SHA1

    912873c8d166c58c7902a9e853bdd5e3da71aa85

  • SHA256

    851dc13dc756b19949c54ac5bd5426b1f0ad5bb2329a1694c5e91e915b14ce88

  • SHA512

    acb0702c0d97397362b7a9b8a6beffcfb6e63f5b42a15e2fab40e7c9987495d97d366ca28d2def90fcd89603f875551e96bb1f4b94ada5434891da528de971be

  • SSDEEP

    1536:Iqskoqu3lbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed2atmulgS6pQl:mt1FYH+zi0ZbYe1g0ujyzdeQ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    pixelscloud2.0

  • C2

    85.209.176.128:80

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2120-218-0x0000000000380000-0x000000000039E000-memory.dmp
    .exe windows:4 windows x86