General

  • Target: 4928-28-0x0000000000200000-0x000000000021E000-memory.dmp
  • Size: 120KB
  • MD5: 7affc3738ecf711a950b279f26c57d8f
  • SHA1: 7f278d17878498aa1f75a7cb0538ea6bbeacc43e
  • SHA256: fdca0fd84dac4bebfaeced891828afd8a114c743060b4aacf6aaf710ba205afe
  • SHA512: 7a3d276df8d653b4dd8beb1d7bc3ad16ad33b43cf132cbe734735f471bc2612d968211abf22f9074bf049d5d686746748a39dbb8199931c0648b0e7e2dad194f
  • SSDEEP: 1536:xqs+1tqzClbG6jejoigIr43Ywzi0Zb78ivombfexv0ujXyyed2VtmulgS6pk:fCtAyYr+zi0ZbYe1g0ujyzdtk

Score
10/10

Malware Config

Extracted

  • Family: redline
  • Botnet: IDS
  • C2: 91.92.252.220:9078

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4928-28-0x0000000000200000-0x000000000021E000-memory.dmp
    .exe windows:4 windows x86 arch:x86

    Headers

    Sections