General

  • Target

    800-117-0x00000000003A0000-0x00000000003D0000-memory.dmp

  • Size

    192KB

  • MD5

    c9e45ddec8ddd056001fb67cff6303c0

  • SHA1

    928f25a1eb566e0913f3c789f7873c44b8b397b6

  • SHA256

    6a2b77d1ab605cbbaa51cae16f0fed798e59258657c5c9f5bb743f477ac3b8a1

  • SHA512

    57f5c901275424f2b6bfe7bbfcac113bea4bbec83d6b7417cc4f86ff4411a5c7f479ecfb5d951cfad9349f8caf24f683c02e54d19fa2dc98d2457d661eb359f6

  • SSDEEP

    1536:GsJdT36sv0W7T6IS+rHC1rRiX0WxJm6tVODxNuGYQj9buHxeBrKY0GkRU8e8hq:GsDpxYtkX08tMDxNqUiKrKY78e8hq

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

grom

C2

83.97.73.129:19071

Attributes
  • auth_value

    2193aac8692a5e1ec66d9db9fa25ee00

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 800-117-0x00000000003A0000-0x00000000003D0000-memory.dmp
    .exe windows:4 windows x86 arch:x86
    Headers

    Sections