General

  • Target

    2368-2-0x0000000000400000-0x000000000041E000-memory.dmp

  • Size

    120KB

  • MD5

    1b9ae003f917a3f9c7cf9c7f66c4ed5c

  • SHA1

    e4e3018215f6795803311d1fb8420ea80ce95357

  • SHA256

    c8aadc17a8971a7c8dacb5c0881eceeeb5372a8ff7bee366700bb6b9e1f09574

  • SHA512

    0e9f84c055113bf575d9b7ed0682343a6369197cc75b4956f4d4fb3efa5a95553a7a1e79397d4cdebc3401cab8a04e5029d5c3dabc7ab50110f3f9baaf1b163a

  • SSDEEP

    1536:5qs+OqJGlbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2/teulgS6p8l:XRuOYj+zi0ZbYe1g0ujyzdr8

Malware Config

Extracted

Family

redline

Botnet

@txthead

C2

94.156.8.193:34427

Signatures

  • RedLine payload 1 IoCs
  • Redline family
  • SectopRAT payload 1 IoCs
  • Sectoprat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
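The "Unsigned PE" signature above is a header check, and it is worth seeing what that check actually inspects. The script below is an added example written for this report; it is not Triage's rule and reproduces no code from the sample. It assumes only the PE/COFF layout Microsoft documents: the Attribute Certificate Table is referenced from data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY), and an all-zero entry means the file carries no embedded Authenticode signature. It also computes the MD5/SHA1/SHA256/SHA512 digests listed under General (ssdeep needs a third-party module and is left out). The PE bytes it runs on by default are constructed inline so it works offline; the dump named in this report is not embedded, but the script accepts a path to one on the command line.

```python
"""Authenticode-presence check and fixed-hash computation for a PE image.

Added example for this report (not Triage's own "Unsigned PE" rule).  The
only assumptions are the documented PE/COFF header offsets; the sample PE
built by build_minimal_pe32() is constructed test input, not the real dump.
"""
import hashlib
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def authenticode_directory(pe: bytes):
    """Return (file_offset, size) of the security directory, or None if not a PE.

    The first field is a raw file offset rather than an RVA: the certificate
    table is never mapped into memory.  In a memory dump like the one above
    only this header entry survives, not the certificate bytes themselves.
    """
    try:
        if len(pe) < 0x40 or pe[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
        if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        opt = e_lfanew + 4 + 20                      # skip "PE\0\0" and the 20-byte COFF header
        magic = struct.unpack_from("<H", pe, opt)[0]
        if magic == PE32_MAGIC:
            ndirs_off, dirs_off = opt + 92, opt + 96
        elif magic == PE32PLUS_MAGIC:
            ndirs_off, dirs_off = opt + 108, opt + 112
        else:
            return None
        ndirs = struct.unpack_from("<I", pe, ndirs_off)[0]
        if ndirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
            return (0, 0)                            # directory table too short to hold entry 4
        return struct.unpack_from("<II", pe, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    except struct.error:
        return None                                  # truncated header


def is_unsigned_pe(pe: bytes) -> bool:
    """True when the buffer is a PE whose security directory is empty."""
    return authenticode_directory(pe) == (0, 0)


def digests(data: bytes) -> dict:
    """The four fixed hashes reported under General."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def build_minimal_pe32(sec_offset: int = 0, sec_size: int = 0) -> bytes:
    """Constructed test input: a header-only PE32 image based at 0x400000 (not the real sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)     # i386, 224-byte optional header
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 28, 0x400000)                         # ImageBase
    struct.pack_into("<I", opt, 92, 16)                               # NumberOfRvaAndSizes
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, sec_offset, sec_size)
    return dos + b"PE\0\0" + coff + bytes(opt) + bytes(dirs)


def analyze(pe: bytes) -> dict:
    """Everything the report's General and Signatures sections derive from the raw bytes."""
    return {
        "unsigned": is_unsigned_pe(pe),
        "security_dir": authenticode_directory(pe),
        "hashes": digests(pe),
    }


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe32()
    result = analyze(data)
    verdict = "unsigned" if result["unsigned"] else "signature present"
    print("security directory:", result["security_dir"], "->", verdict)
    for name, value in result["hashes"].items():
        print(f"{name}: {value}")
```

Two caveats when reading the verdict. An empty security directory proves only that no signature is embedded in the image; catalog-signed Windows binaries look the same, so on a live host confirm with Get-AuthenticodeSignature or sigcheck before treating "unsigned" as suspicious. And because a dump from memory carries only the header entry, a non-zero entry there says the file on disk was signed, not that the signature is intact or valid.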

Files

  • 2368-2-0x0000000000400000-0x000000000041E000-memory.dmp
    .exe windows:4 windows x86 arch:x86
