General

  • Target

    676-141-0x0000000000250000-0x0000000000280000-memory.dmp

  • Size

    192KB (0x30000 bytes, which is exactly the length of the dumped region 0x250000-0x280000 named in the target)

  • MD5

    29995a933537511d0ea20bc1753dfdce

  • SHA1

    d0b6dd77175fb888cf4b5882a51babfcfbf25049

  • SHA256

    83e00cf88414a76857da7a457f5ca2c108db58a2df8bbb359299c83aeeed31fe

  • SHA512

    e0b4b17d24e2083838520bfc3249bbeafacf2b04ae094118292f37ef096f71813cf0bb79297f7f8aa6488f11df95027a29215a44e380e739a5a4aecf9d093666

  • SSDEEP

    3072:2MtDiwyqSVghBGfAGtTjxNKifvWPxnD8e8hy:nibuhM5ZmnPxnD

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

rovno

C2

83.97.73.130:19061

Attributes
  • auth_value

    88306b072bfae0d9e44ed86a222b439d

Signatures

  • RedLine payload (1 IoC)
  • RedLine family
  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.

Files

  • 676-141-0x0000000000250000-0x0000000000280000-memory.dmp
    .exe windows:4 windows x86 arch:x86

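As an added example (not part of the sandbox report and not the sandbox's own code), the following Python script re-derives what the hash block, the "Unsigned PE" signature and the extracted config above represent: it hashes a dump and compares against the report's values, reads the security data directory (slot 4) of the PE optional header to decide whether an Authenticode certificate table is embedded, and searches the blob for the extracted C2, botnet and auth_value strings in ASCII and UTF-16LE. The header-only PE it builds for its self-test is constructed input, not the real memory dump; the function names are this example's own.

```python
import hashlib
import struct
import sys

# Values copied from the report above.
REPORT_HASHES = {
    "md5": "29995a933537511d0ea20bc1753dfdce",
    "sha1": "d0b6dd77175fb888cf4b5882a51babfcfbf25049",
    "sha256": "83e00cf88414a76857da7a457f5ca2c108db58a2df8bbb359299c83aeeed31fe",
    "sha512": "e0b4b17d24e2083838520bfc3249bbeafacf2b04ae094118292f37ef096f71813cf0bb79297f7f8aa6488f11df95027a29215a44e380e739a5a4aecf9d093666",
}
C2 = "83.97.73.130:19061"
BOTNET = "rovno"
AUTH_VALUE = "88306b072bfae0d9e44ed86a222b439d"

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot that points at the Authenticode cert table


def file_hashes(data: bytes) -> dict:
    """Hash the blob with the same four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every hash in the report agrees with the blob."""
    return file_hashes(data) == REPORT_HASHES


def security_directory(data: bytes):
    """Return (offset, size) of the certificate table from the PE optional header,
    (0, 0) if the entry is absent or empty, or None if the blob is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20  # COFF file header is 20 bytes
    if size_of_opt < 2 or opt + size_of_opt > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: data directories begin at optional-header offset 96
        dd = opt + 96
    elif magic == 0x20B:  # PE32+: they begin at offset 112
        dd = opt + 112
    else:
        return None
    if dd + 8 * (IMAGE_DIRECTORY_ENTRY_SECURITY + 1) > len(data):
        return None
    num_rva_and_sizes = struct.unpack_from("<I", data, dd - 4)[0]
    if num_rva_and_sizes <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)
    return struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)


def is_authenticode_signed(data: bytes) -> bool:
    """Mirrors the report's 'Unsigned PE' check: an empty security directory
    means no embedded Authenticode signature."""
    entry = security_directory(data)
    return entry is not None and entry[0] != 0 and entry[1] != 0


def find_iocs(data: bytes) -> dict:
    """Which encodings of each extracted config value occur verbatim in the blob.
    Assumption: the values sit in clear text (.NET strings are UTF-16LE); an
    obfuscated config would have to be decoded before this search is meaningful."""
    return {
        label: [enc for enc in ("ascii", "utf-16-le") if value.encode(enc) in data]
        for label, value in (("c2", C2), ("botnet", BOTNET), ("auth_value", AUTH_VALUE))
    }


def build_minimal_pe(cert_offset=0, cert_size=0, payload=b"") -> bytes:
    """Constructed test input: a header-only PE32 image, not the real dump."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, no sections, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_offset, cert_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + payload


if __name__ == "__main__":
    # Pass a dump path to check a real file; otherwise run on the constructed sample.
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:
        blob = build_minimal_pe(payload=C2.encode("utf-16-le") + AUTH_VALUE.encode())
    print("hashes match report:", matches_report(blob))
    print("authenticode signed:", is_authenticode_signed(blob))
    print("ioc hits:", find_iocs(blob))
```

Two caveats when applying this to a memory dump rather than a file on disk. The certificate table lives at a raw file offset after the last section and is never mapped by the loader, so a dump carved from memory will not contain the signature bytes even for a signed original; what the header does tell you is whether the binary ever pointed at one. And a file signed only through a catalog has an empty entry as well, so "Unsigned PE" means no embedded signature, which on its own is weak evidence and is only meaningful here alongside the RedLine config match.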