General

  • Target

    1800-122-0x00000000004C0000-0x00000000004F0000-memory.dmp

  • Size

    192KB

  • MD5

    1287edea5c47f9023df4ac00408d06e0

  • SHA1

    6e38e3f2eb9499f6f16ef1ea58306c0cd1ffe952

  • SHA256

    3b916f89ac7699a738d94fa64eabee9c42e4a870fb0a0e09f462f2c28a2bd88e

  • SHA512

    3eeade81cf1d99c642eb1dc95169ef32e53d1397ddd79fab0a93007ed3bd8e247686258dd1d846aa43d4c05c440d321cd480cafbbf6e279580d78f637c35f30e

  • SSDEEP

    3072:tO64zyFlJDGx0HqSYxNXUfMim4G3b8e8hE:df1s0HZ8em4G3b

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.68.70:19073

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1800-122-0x00000000004C0000-0x00000000004F0000-memory.dmp
    .exe windows:4 windows x86 arch:x86

