General

  • Target: 4868-45-0x0000000000BB0000-0x0000000001408000-memory.dmp
  • Size: 3.2MB
  • MD5: de971bc1aedc419e5263b384d39291c8
  • SHA1: 48f21a538fdb54c0554c677dac4f240b5dc8c585
  • SHA256: e513333c9b1caadefc8f78e6c7234328a703f433b369e1bf6e28f658c307e9d0
  • SHA512: 4611a110b92a58bc23dc703ec01c485b2dbe6631428bda922a088265d225c4dad1542d032d84e4742fffcbbff81438b19ed1c356d92ae1f666fab691f7347479
  • SSDEEP: 49152:tUGQf1Jy6xm4F+snxbbAhCrXsXYWnwlLwO8GEYFM:yGQ7xm4FBnNKCrsXXwlLwO8GEYF

Malware Config

Extracted

  • Family: redline
  • Botnet: getmoney
  • C2: 194.169.175.128:37853

Signatures

  • Redline family
  • Themida packer (1 IoC)

    Detects Themida, an advanced Windows software protection system.

  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.

Files

  • 4868-45-0x0000000000BB0000-0x0000000001408000-memory.dmp
    Type: .exe windows:4 windows x86
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744