Overview

overview

10

Static

static

10

1536-387-0...ry.exe

windows7-x64

1

1536-387-0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1536-387-0x0000000000400000-0x000000000042A000-memory.dmp

  • Size

    168KB

  • MD5

    963dce9f2ad8037384790811d7ee5feb

  • SHA1

    2cd8b415ffb9ab8acc7e8b308c86b0197df2e70e

  • SHA256

    789bcc9215d0d5e93e17e29772ca8a7a2172069e63348e565664d85c41b6474a

  • SHA512

    a3a0d15f3d093b24b2c0223052d3b5f0c05da10c7ca7dcddaa9e5eac374ac957caa8deb836e2ffe3752da6fe1f9dc34ff09323cbafa52388e50848c0a557e05f

  • SSDEEP

    3072:iV+m5cVQmRSx0xlR5B2j5wMeoDChYZV8e8hh:ij4plRExNChYf

Score
10/10
terraredline

Malware Config

Extracted

Family

redline

Botnet

terra

C2

185.161.248.75:4132

Attributes
  • auth_value

    60df3f535f8aa4e264f78041983592d2

Signatures

  • RedLine payload 1 IoCs
  • Redline family
    redline
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1536-387-0x0000000000400000-0x000000000042A000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections