Overview

overview

10

Static

static

10

4140-1345-...ry.exe

windows7-x64

4140-1345-...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4140-1345-0x0000000000400000-0x000000000041E000-memory.dmp

  • Size

    120KB

  • MD5

    02fff5c56e84c1e9e3c9b2f0a407b64b

  • SHA1

    7b7fe987c9d2aee9499df1177c601d75e5828318

  • SHA256

    9acdd5562f39f8bc7f0b8c087d9bc018e60ff812aa8f95118f86bbbe532efc8e

  • SHA512

    ed72f9e87eb6e51b7ced90cfdcf110e2f7725bf06086a373707a8cd258ccf0eea89bd205a6fb95be8064252a04886fc50ba99daf9e99c8d378037e182a6334c8

  • SSDEEP

    1536:NqsIoqu3lbG6jejoigIH43Ywzi0Zb78ivombfexv0ujXyyed2rtmulgS6pIl:7Z1FYH+zi0ZbYe1g0ujyzdbI

Score
10/10
install_bot6redlinesectoprat

Malware Config

Extracted

Family

redline

Botnet

Install_bot6

C2

101.99.92.189:57725

Signatures

  • RedLine payload 1 IoCs
  • Redline family
    redline
  • SectopRAT payload 1 IoCs
  • Sectoprat family
    sectoprat
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4140-1345-0x0000000000400000-0x000000000041E000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections