General

  • Target

    1416-122-0x00000000002A0000-0x00000000002D0000-memory.dmp

  • Size

    192KB

  • MD5

    0b922002dcfc04e09c1d12beb9a3b345

  • SHA1

    c2af774f8385f8d3ff773591715f12c191168cd0

  • SHA256

    ec4835df9f9cdeffa9a7e1e3d3d622c2e13fe2c2de76e0f2c4e5d0aab146cf19

  • SHA512

    e5a61ce30bc8c56cda5a064c223be2235b108723370d889300290c407a662a620df62b4669d936a9891026940d4eba7732f41b482577e3499917d7e088e1aa63

  • SSDEEP

    3072:hEV5bSQxA6IldyYxN3KVaxLzzUY472R8e8h9:hEFAlW8TLzzUY472R

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

novak

C2

77.91.124.49:19073

Attributes

  • auth_value

    31966dcd1c6ca86e6e8b0a259f9d8ffd

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1416-122-0x00000000002A0000-0x00000000002D0000-memory.dmp
    .exe windows:4 windows x86 arch:x86