General

  • Target

    1496-1890-0x0000000000620000-0x0000000000650000-memory.dmp

  • Size

    192KB

  • MD5

    bfd49637281e38722f8e193dafb3cc5b

  • SHA1

    ea70d5ed22a764a437c3426c564a8aa345ec558a

  • SHA256

    e4845094a41378fa8179340a10f691a112756df6355ea03afe312716bbc3e93d

  • SHA512

    e1262d94b9b5c262adfd27081397f7053a5a60dff38365fb4d9a3e502c784d9df7d77cb61533cae58033e50a571f5003c71d64e078a9b01172ce4371a23b7401

  • SSDEEP

    3072:XiA6d8FQlbZElaDndqVQlQoAXETS+SD8e8h2:1ayQlnTAXETS+SD

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

@CLOUDCOSMIC

C2

20.226.69.130:30497

Attributes
  • auth_value

    c8ced34a15f6ccc97625aee05a0d1951

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1496-1890-0x0000000000620000-0x0000000000650000-memory.dmp
    .exe windows:4 windows x86 arch:x86