General

  • Target

    4816-68-0x0000000000D10000-0x0000000000D62000-memory.dmp

  • Size

    328KB (0x52000 bytes, which is exactly the span of the dumped region 0xD10000-0xD62000)

  • MD5

    605efb97d559ec6c2c052d6e4f5e28bb

  • SHA1

    66c861e0eb951f44350ee8c4ea07aba31db25863

  • SHA256

    60d0205f404d4a80269dc13d6ca260cfbdbfe503d94524bd21928519f507f1ba

  • SHA512

    371ce90a37968a693bd02ad5cea5e5b8f8be0179f276758604af6cdbe445e62437088d52fcb91e96176c7b6c061397836ec64b2f88890265d852fd2d851583d8

  • SSDEEP

    3072:fq6EgY6iorUjwWYbwPSIy7LtDIU9TAhtAMKbRcZqf7D34FeqiOLibBOA:SqY6i4wPwHtDIU9TA3AHRcZqf7DIPL

Score
10/10

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @CLOUDYTTEAM

  • C2

    185.172.128.33:8970

Signatures

  • RedLine payload (1 IoC)
  • Redline family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature. The target is a PE image carved from process memory rather than a file taken from disk, and such images are essentially never signed (the certificate table is stored at a file offset and is not mapped by the loader), so this hit is expected and carries little weight on its own. The extracted RedLine configuration is the decisive finding.
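As an added illustration of what the "Unsigned PE" signature inspects (this is example code written for this report, not Triage's signature implementation and not anything recovered from the sample): a minimal PE header walk that locates the Authenticode data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, entry 4) in both PE32 and PE32+ images, plus a parser for the dump's file name that checks the region span against the reported size. The PE bytes it runs on are constructed inline; reading the name's first field as a PID is an assumption about the sandbox naming scheme, and the second field is returned without interpretation.

```python
"""Example code added to this report: the Authenticode-directory check behind an
"Unsigned PE" style signature, and a sanity check of the memory-dump file name.
Not Triage's own code; the PE header below is synthetic, not from the sample."""
import re
import struct
from typing import Tuple

IMAGE_DOS_SIGNATURE = 0x5A4D        # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550     # "PE\0\0"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # attribute certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(data: bytes) -> Tuple[int, int]:
    """Return (offset, size) of the certificate table, or (0, 0) if absent.

    Raises ValueError when the buffer is not a parseable PE image.
    """
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    file_hdr = e_lfanew + 4                    # IMAGE_FILE_HEADER, 20 bytes
    size_of_opt = struct.unpack_from("<H", data, file_hdr + 16)[0]
    opt = file_hdr + 20                        # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        num_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        num_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", data, num_dirs_off)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_of_opt or entry + 8 > len(data):
        return (0, 0)
    # Unlike every other directory this entry holds a file offset, not an RVA,
    # and the loader never maps the certificate bytes into the process image.
    return struct.unpack_from("<II", data, entry)


def is_unsigned_pe(data: bytes) -> bool:
    """True when the image carries no Authenticode certificate table."""
    off, size = security_directory(data)
    return off == 0 or size == 0


def build_pe32_header(cert_offset: int = 0, cert_size: int = 0) -> bytes:
    """Constructed sample input: a minimal PE32 header with 16 data directories.

    Only the fields the check reads are populated; this is not the dumped image.
    """
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    # Signature, Machine (i386), NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (224 for PE32), Characteristics.
    file_hdr = struct.pack("<IHHIIIHH", IMAGE_NT_SIGNATURE, 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_offset, cert_size)
    return bytes(dos) + file_hdr + bytes(opt)


DUMP_NAME = re.compile(
    r"^(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<base>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name: str) -> dict:
    """Split '<pid>-<seq>-0x<base>-0x<end>-memory.dmp' into its fields.

    Treating the first field as a PID is an assumption about the naming scheme;
    the second field is passed through without interpretation.
    """
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    base, end = int(m["base"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "base": base, "end": end, "size": end - base}


if __name__ == "__main__":
    info = parse_dump_name("4816-68-0x0000000000D10000-0x0000000000D62000-memory.dmp")
    print(f"region size {info['size']} bytes = {info['size'] // 1024} KiB")
    print("synthetic unsigned header ->", is_unsigned_pe(build_pe32_header()))
    print("synthetic signed header   ->", is_unsigned_pe(build_pe32_header(0x1200, 0x800)))
```

Run against the dump itself, `security_directory` will typically return (0, 0) for a stage that was never on disk as a signed file; a non-zero entry in a memory dump would point at certificate bytes that are not present in the mapped image, so it proves nothing about signature validity either way. The name check confirms the 0x52000-byte span matches the 328KB reported above.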

Files

  • 4816-68-0x0000000000D10000-0x0000000000D62000-memory.dmp
    .exe windows:4 windows x86 arch:x86

