General

  • Target

    4064-2072-0x00000000011B0000-0x00000000011EC000-memory.dmp

  • Size

    240KB

  • MD5

    2cb6c30c5350215e4aa1a7e47587e742

  • SHA1

    2c9d7a05cfa56c66e02f0378d7375cecd8692c30

  • SHA256

    acfb33f8c12835be418511dbfb20cf5ac2207d9a35e2e0b775ee502bfbb419cb

  • SHA512

    992cfd537d51f2f1d854b20d8e6ff7f7be54cbb180232a2db7ea92bc2dffb9093a06a50f29d4fe8e079903a316260cfb84a9653ceff19fd226fb78cf0bc0fd30

  • SSDEEP

    3072:p72pP/78NgclYbmxrjboC9NRSdxDISQweuIDcjOT8KSk:pyt/78NgcmirjbX0XDISRtIDcjOTX

Score

  • 10/10

Malware Config (extracted)

  • Family

    redline

  • Botnet

    @CRONCLOUD

  • C2

    195.10.205.17:8122

Signatures

  • RedLine payload (1 IoC)
  • Redline family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 4064-2072-0x00000000011B0000-0x00000000011EC000-memory.dmp
    .exe windows:4 windows x86
