General

  • Target

    650ada27b894204248d0af32365b2f400e4a19244293ef54c439d2c54345449e

  • Size

    1.3MB

  • Sample

    230203-ben5nscg5v

  • MD5

    88472c005bdfa43a03ef843ab75ec661

  • SHA1

    0e536c0e1f5de122ca22de0c7b164f9fb6368c3b

  • SHA256

    650ada27b894204248d0af32365b2f400e4a19244293ef54c439d2c54345449e

  • SHA512

    6e5211efbe14925550bf71b78741c2643c5b1a022bbdb6e0ea80a6961678d1b64984304b2d0ae35e7b949fed9d80f749a74ec409dc46af6299366b8f12a03825

  • SSDEEP

    24576:Zlf4Qknt/xAfoqRBkXlSlj3mk4a9YUEBg+KWHxLA34penxHQOl+z92HoBqtUu0/k:ZlfpOyf/Q1+j3mkJStQ4GwOlQ2HySUr

Malware Config

Extracted

Family

redline

Botnet

HEXO-CLIENTS

C2

amrican-sport-live-stream.cc:4581

Attributes

  • auth_value

    c89aa436caaa4074b5f219890c543d38

Targets

    • Detect PureCrypter injector

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
