General

  • Target

    2768-72-0x0000000001100000-0x0000000001922000-memory.dmp

  • Size

    3.3MB

  • MD5

    1dde4170d70302ac2275658e1b7b708c

  • SHA1

    ece9fa527b799dbf32b497ea447a4e9d5d37f140

  • SHA256

    57d0b8212698df16daadd208cc8aad86518c244c38e854f7bbac952dcd4dcc05

  • SHA512

    0fc64ed09969c385c5b6fe8aed05b67a42b0f29ecbe36b7d9d05840c4eb178e5edf4b09058e57124de32891fdf94c9db2c1f2318f1b5b07a02709e70a37668d9

  • SSDEEP

    24576:QaNgcIr/DCwvVN38uBqB5FwT3rOZekL/o5P+36tvJQ9ohcok2wBRHVk7sXVn9ev6:Q382Uu78ekTod+2hQSRWG9K7Y6X74re

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

1122

C2

194.49.94.77:22888

Signatures

  • Redline family
  • Themida packer (1 IoC)

    Detects Themida, an advanced Windows software protection system.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2768-72-0x0000000001100000-0x0000000001922000-memory.dmp
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744