General

  • Target

    2800-1-0x0000000000400000-0x0000000000450000-memory.dmp

  • Size

    320KB

  • MD5

    c9d801132fdd2cae9a074ae1ae5f5305

  • SHA1

    0c3d8e7150489f8161231068ac61e1eabd05b05d

  • SHA256

    fe18e0790371a51523be115ff4a8a2b22c9f706e9d69b27bd66eb8da994e88ee

  • SHA512

    8dfff8978f12a737cbe51150d11ada0dadb6fbf3203e898f056b31d275a8aca689874c2188f4b22862aa3c1e907b979c1a129c11122a64906d296bb621567793

  • SSDEEP

    3072:lqFFrqwIOGDdyTj4hXjS2eHqeEFp6wlqgnI7hdJiJTZO5HgccZqf7D34teqiOLC3:sBIOGhpWTRV3dsJTZGRcZqf7DIXL

Score

10/10

Malware Config

Extracted

Family

redline

Botnet

@kolnausgb

C2

94.228.166.68:80

Signatures

  • RedLine payload (1 IoC)
  • RedLine family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2800-1-0x0000000000400000-0x0000000000450000-memory.dmp
    .exe windows:4 windows x86 arch:x86