General

  • Target

    1624-8-0x0000000000400000-0x0000000000452000-memory.dmp

  • Size

    328KB

  • MD5

    135d4833e325ea59cbdb58cbae5c7c4b

  • SHA1

    65f824602a5dfdb76f748b00480e75fb73d183c7

  • SHA256

    f7ab318e16510660713731cd2906829fa6f3d982813f2ed519c434cb11efdbab

  • SHA512

    577cb2afe6ce8710b200b3a911f1c97e08816acd1d5f491768ee6064d060ead0241496435880055380752df0ab0898f8793f45b702bb00d8b4623f05fe7df8b7

  • SSDEEP

    3072:C2cLYbYoQnBrtL9b9ANI/EOacCK9sEdYYXknXoWx9R2AgkVMRqT6Dv/Y:HWb9+cCWYYKx9AAXVMRqT6D4

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

gorod

C2

159.69.179.151:12807

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1624-8-0x0000000000400000-0x0000000000452000-memory.dmp
    .exe windows:4 windows x86 arch:x86
