General

  • Target

    2968-130-0x0000000000480000-0x000000000050C000-memory.dmp

  • Size

    560KB

  • MD5

    d563214b99d245ac5e5f2850c46ff05a

  • SHA1

    bd15e4fd0a432dac98303c7d73c848378d7dfe25

  • SHA256

    5183ad1dc86c9b6649115a20100b2cb214721168b3fd700eda953f3c0df4c606

  • SHA512

    3cb0c6a2c15e5c789eed4b4cf2549b6628cd5bd77eb4f384dcb7a4c7d96233968694831d820b62709a3d9707ec5f7e1efb9203f8691fe4644d17ac926924e7e4

  • SSDEEP

    12288:wFJTxMQxohumhGfDIELcQlBxVQblHG3vK6xwRTNhhMOq39jn3cq7v2jp2Rst:wFJTJxolIpxtaZHgEQOq39jn3ck+wst

Score
10/10

Malware Config

Extracted

Family

redline

Botnet

masha

C2

77.91.68.48:19071

Attributes
  • auth_value

    55b9b39a0dae383196a4b8d79e5bb805

Signatures

  • RedLine payload (1 IoC)
  • Redline family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2968-130-0x0000000000480000-0x000000000050C000-memory.dmp
    .exe windows:4 windows x86 arch:x86

