General

  • Target

    5420-287-0x0000000000400000-0x000000000041E000-memory.dmp

  • Size

    120KB

  • MD5

    5d5201b02733336280c7866efb685162

  • SHA1

    4214692cafc75bbf7789808239bbac647eb3f412

  • SHA256

    c1d2dbd72431ff6fcf8d1798a1fecc78374b025cc24946f44cb51ec7ccc32b39

  • SHA512

    b482039af0b2c63b1047710b8bd5e24f4fcccbe9ce958a8a40afe8c3963dab50afc465da24bc4a1cd7ddcc849e7dbda89af72bf31af68b161693c4b72e78e145

  • SSDEEP

    1536:NqsCoqu3lbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed2XtmulgS6pIl:731FYH+zi0ZbYe1g0ujyzdPI

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Pirate Jack

  • C2

    94.228.169.207:47379

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5420-287-0x0000000000400000-0x000000000041E000-memory.dmp
    .exe windows:4 windows x86 arch:x86
