General

  • Target: 1292-117-0x0000000000270000-0x00000000002A0000-memory.dmp
  • Size: 192KB
  • MD5: bc3fcc801b09116bd98183822ae2fc09
  • SHA1: 81d7e3c5498efa8ddd187439879831f9e8fae3b3
  • SHA256: b0ae3eb302efae51af8da1a6c9415a50893234a6f5c222a1dc687d23ec951bb5
  • SHA512: faef3daea49af019b4f32e296b836f1d8815cab4ebdc4a2d39160ce0dd7702d540d341d8598206ee9fc8b412b4dc2f98832ac66f63f507c75b60c2a3d78cdd44
  • SSDEEP: 1536:EsJdT36sv0W7T6IS+rHC1rRiX0WxJm6tVODxNuGYQj9buHxeBrKY0GkR78e8hq:EsDpxYtkX08tMDxNqUiKrKYU8e8hq

Score
10/10

Malware Config

Extracted

  • Family: redline
  • Botnet: grom
  • C2: 83.97.73.129:19071
  • Attributes
    • auth_value: 2193aac8692a5e1ec66d9db9fa25ee00

Signatures

  • RedLine payload (1 IoC)
  • Redline family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • 1292-117-0x0000000000270000-0x00000000002A0000-memory.dmp
    .exe windows:4 windows x86 arch:x86