General

  • Target

    2896-78-0x0000000000D80000-0x00000000015B0000-memory.dmp

  • Size

    365KB

  • MD5

    8a84d5d382d1c4849fbb602404504199

  • SHA1

    45b3f999b4b6bed9f002c3d91fd7ca7b96735c86

  • SHA256

    3f5f84dc660bac18212906f000730130dc88ff4ecf7d3f17860b6128751c630d

  • SHA512

    b4be936255328430a5ff5c5b09e06f97ff711c22c44150a74fd61d57cd7bff2536fa67bbb19e926a8d031f31608ddce2cfe7558613cbee4be2ee0f27a8945b7a

  • SSDEEP

    6144:zib5zn1bwx4mAXVMRqT6D4pxjRyu9Jire0rAIz:E1bnFMsW8pxjRyOiZkw

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

24k

C2

91.92.245.15:80

Signatures

  • RedLine payload (1 IoC)
  • RedLine family
  • Themida packer (1 IoC)

    Detects Themida, an advanced Windows software protection system.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
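
The "Unsigned PE" signature above is a header check: it looks at whether the optional header's Certificate Table data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4) is populated. The Python below is an added example, not part of this report and not the sandbox's own detection code; it parses that directory entry by hand and builds a minimal PE32 header (constructed inline, not taken from the sample) so both the signed and unsigned outcome can be exercised offline. The names build_minimal_pe32, authenticode_directory and is_unsigned are this example's own.

```python
import struct

# Index of the Certificate Table (Authenticode) entry in the optional header's data directories.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def authenticode_directory(pe: bytes):
    """Return (file_offset, size) of the Certificate Table data directory,
    or None if the buffer is not a parsable PE image or has no such entry."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header is 20 bytes after the signature; SizeOfOptionalHeader sits at +16 within it.
    size_of_optional = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    if size_of_optional < 2 or opt + size_of_optional > len(pe):
        return None
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories start at +96
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: NumberOfRvaAndSizes at +108, directories start at +112
        dirs = opt + 112
    else:
        return None
    if dirs > opt + size_of_optional:
        return None
    num_rva = struct.unpack_from("<I", pe, dirs - 4)[0]
    if num_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None           # header declares too few directories to hold a security entry
    entry = dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_of_optional:
        return None
    return struct.unpack_from("<II", pe, entry)


def is_unsigned(pe: bytes) -> bool:
    """True when no Authenticode certificate table is declared (the report's 'Unsigned PE' check)."""
    d = authenticode_directory(pe)
    return d is None or d[0] == 0 or d[1] == 0


def build_minimal_pe32(cert_offset: int = 0, cert_size: int = 0) -> bytes:
    """Constructed test input (hypothetical, not derived from the sample): a DOS stub,
    PE signature, COFF header and a 224-byte PE32 optional header with 16 data directories."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew -> PE signature at 0x40
    # Machine=i386, 0 sections, no timestamp/symbols, SizeOfOptionalHeader=224, EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_offset, cert_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, image in (("no cert table", build_minimal_pe32()),
                         ("cert table declared", build_minimal_pe32(0x400, 0x200))):
        print(label, authenticode_directory(image), "unsigned" if is_unsigned(image) else "signed")
```

Two caveats when reading this signature on a target like the one above. First, the target is a memory dump of a process region, not the file from disk: the attribute certificate table is stored at a file offset outside the mapped sections, so even a legitimately signed binary dumped from memory carries no verifiable signature, and an "Unsigned PE" hit on a dump is expected rather than evidence in itself. Second, a populated directory entry only means a signature was declared; verifying it requires the whole file and the Windows trust chain, which this header check does not attempt.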

Files

  • 2896-78-0x0000000000D80000-0x00000000015B0000-memory.dmp
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
