General

  • Target

    1492-56-0x0000000000400000-0x000000000042A000-memory.dmp

  • Size

    168KB

  • MD5

    5cddc9cdb89cfe2be7ac64259cb3a278

  • SHA1

    938a568af47f243db3470924771623285ad5586a

  • SHA256

    98e10b45ba1b841885447722efb5e33b0101dceffbcb986f5745defadec2b0a5

  • SHA512

    c83eac10e7d4baeb0977e93d6bc66e0dca107f6d5fbe043413cb98f3e1c0b0abc3251932fe3692f2bfbba969858acd432a18b14c30b15e084ae8c1b7afe2afe8

  • SSDEEP

    3072:TV+m5cvQmRSN92dMb/ggGmWFZDhsZ68e8hF:TjGzda/FkHDhsQ

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

kokta

C2

85.192.49.153:39029

Attributes
  • auth_value

    2a070a8b38dd88418889eb66f5fe75c4

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
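As an added example (not part of this sandbox report; the sample PE bytes are constructed inline), a small Python script showing the two checks a responder would run on a file of interest against this report: compare its digests with the hashes listed under General, and apply the same "Unsigned PE" test the Signatures section describes by reading the Security entry (index 4) of the PE optional header's data directory. One caveat for a memory dump like this one: the certificate table's directory entry is a file offset and the loader does not map the table into the image, so the entry only tells you whether the on-disk executable carried an Authenticode blob; the signature itself cannot be verified from the dump.

```python
"""Added example: hash matching and the 'Unsigned PE' check for the report above.
The helper functions and the header-only PE built by build_minimal_pe() are
constructed for this example and are not part of the sandbox report.
"""
import hashlib
import struct

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "5cddc9cdb89cfe2be7ac64259cb3a278",
    "sha1": "938a568af47f243db3470924771623285ad5586a",
    "sha256": "98e10b45ba1b841885447722efb5e33b0101dceffbcb986f5745defadec2b0a5",
}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the certificate table entry


def hash_matches(data: bytes) -> dict:
    """Return, per algorithm, whether data hashes to the report's value."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name: digests[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


def security_directory(data: bytes):
    """Return (file_offset, size) of the Authenticode certificate table, or
    None when the directory entry is absent or zero (the PE is unsigned).
    The table itself is not inspected: in a memory dump it is not mapped."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE\\0\\0 signature")
    coff = e_lfanew + 4          # IMAGE_FILE_HEADER, 20 bytes
    opt = coff + 20              # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:           # PE32: data directories start at +96
        dd_base = opt + 96
    elif magic == 0x20B:         # PE32+: data directories start at +112
        dd_base = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # NumberOfRvaAndSizes sits immediately before the directory array.
    num_dirs = struct.unpack_from("<I", data, dd_base - 4)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    entry = dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    offset, size = struct.unpack_from("<II", data, entry)
    if offset == 0 or size == 0:
        return None
    return offset, size


def is_unsigned_pe(data: bytes) -> bool:
    """The report's 'Unsigned PE' condition: no certificate table entry."""
    return security_directory(data) is None


def build_minimal_pe(sec_off: int = 0, sec_size: int = 0) -> bytes:
    """Constructed test input: a header-only PE32 image with no sections,
    optionally carrying a non-zero Security data directory entry."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, 0 sections, SizeOfOptionalHeader=224, Characteristics=EXE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96 + 16 * 8, 0x0102)
    # Magic=PE32, zeroed fields up to NumberOfRvaAndSizes=16 at +92
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, sec_off, sec_size)
    return dos + b"PE\0\0" + coff + opt + bytes(dirs)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    print("hash match:", hash_matches(data))
    print("unsigned PE:", is_unsigned_pe(data))
```

Run it with a path to the dump (or a suspected sibling sample) to get a hash verdict and the unsigned check; with no argument it runs against the constructed header-only PE, which naturally matches none of the report's hashes.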

Files

  • 1492-56-0x0000000000400000-0x000000000042A000-memory.dmp
    .exe windows:4 windows x86 arch:x86