General

  • Target

    2460-122-0x00000000043C0000-0x00000000043F0000-memory.dmp

  • Size

    192KB

  • MD5

    0dd94b363cab670cacc48881b60d2f24

  • SHA1

    57514a0c2509bb7fb3709d4cab322209edf3179f

  • SHA256

    e3053f544f9b220d81735272b8c3ff5af7b32fe75739bf3517b00c7c11a281b3

  • SHA512

    1c3d39b80d7864db28e844ed1f9e829ee4e008c0f4c2aa273f942cde2d52d9dbc2208ed6a467f3cd225bfd01180c5a28a646ca224a9e206890041faaa48245c4

  • SSDEEP

    3072:ykVMcaMmYYEn2tT9xNS6BpK7V78R1X8e8hQ:yQxVuTk57V78R1X

Malware Config

Extracted

Family

redline

Botnet

CosmicCloud (https://cloudcosmic.store)

C2

157.254.164.98:28449

Attributes

  • auth_value

    dd6f6a88a2f6e474f5facc69ce29d130

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2460-122-0x00000000043C0000-0x00000000043F0000-memory.dmp
    .exe windows:4 windows x86 arch:x86

    Headers

    Sections