General

  • Target

    1648-129-0x0000000000400000-0x000000000042E000-memory.dmp

  • Size

    184KB

  • MD5

    a5af9a8126780a8b870b297face23220

  • SHA1

    d16eb6c0bb9eb8516d9444496f7f1a3ac8e8a8c4

  • SHA256

    5879bd0936fb8b5716b67edde37c421ac790c329c5b69f2a8f321b1c38fcb7ff

  • SHA512

    5d53921044a9f7186d4d5a1baefd7788de7c82b12e8820fb4ff59f3a37fec929561d7ef63df5ae78023192ea6ec6d8302eb9eaa72ebd6b8e1fe4885143a4d3a1

  • SSDEEP

    1536:+TXbeqhVZCGW+WEVPhq8Wg8fnv5RCNTGqVYFWbuME0aQ5ZDr/e84wYks8e8hH:aLXWb8WgMv75qVYsKaZDr/eZ8e8hH

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

metro

C2

83.97.73.126:19046

Attributes
  • auth_value

    f7fd4aa816bdbaad933b45b51d9b6b1a

Signatures

  • RedLine payload (1 IoC)
  • RedLine family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1648-129-0x0000000000400000-0x000000000042E000-memory.dmp
    .exe windows:4 windows x86 arch:x86
