General

  • Target

    736-387-0x0000000000400000-0x000000000042A000-memory.dmp

  • Size

    168KB

  • MD5

    d34c631a462c3755cbc3c26314f8c946

  • SHA1

    bc85985d3f27d987493fbf002809169a8fbd6cb4

  • SHA256

    a48e9e9f2814ece9215ad114bc40fe2aeb233524cf82e2b6051338e9ae75345a

  • SHA512

    64bec7fc2d8ddf1076b3125d7ff5cf0169d584c0af6b7798f82f25f6e0ff4852b16376cb025de799514e0eef76aea41f5205afbaf4b235f2f0c1820f6f9e78a0

  • SSDEEP

    3072:mV+m5cVQmRSx0xlR5B2j5wMeoDChYZV8e8hh:mj4plRExNChYf

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

terra

C2

185.161.248.75:4132

Attributes

  • auth_value

    60df3f535f8aa4e264f78041983592d2

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 736-387-0x0000000000400000-0x000000000042A000-memory.dmp
    .exe windows:4 windows x86 arch:x86
