redline | f2cd3ff7cdd14054ee1722750cda3c2563a034d837c6f1e9c11ca097e4785738 | Triage

Sharing

General

Target

i1632028.exe
Size

314KB
Sample

230530-bpkj8sed54
MD5

7202746b3da0725d56db26415b55dff3
SHA1

161f18b64c868aa1181f2b0b7631c9c647a3a487
SHA256

f2cd3ff7cdd14054ee1722750cda3c2563a034d837c6f1e9c11ca097e4785738
SHA512

33531c599ea1555b02dd8bd3404bad9882885f6fb1cef398067795f4da68b2a709fa3631a29593db0ca2aa86db689a316786b0ec63a17caa13fa42da37c04503
SSDEEP

6144:HPY2iMnOIiKeLSOVcn5mh/4FsyTkT/kFjAgk+:wMnZiKeLF05mh/SkT/kFjJ

Score

10^/10

redline goga infostealer

Malware Config

Extracted

Family

redline

Botnet

goga

C2

83.97.73.122:19062

Attributes

auth_value
6d57dff6d3c42dddb8a76dc276b8467f

Targets

- Target
  
  i1632028.exe
- Size
  
  314KB
- MD5
  
  7202746b3da0725d56db26415b55dff3
- SHA1
  
  161f18b64c868aa1181f2b0b7631c9c647a3a487
- SHA256
  
  f2cd3ff7cdd14054ee1722750cda3c2563a034d837c6f1e9c11ca097e4785738
- SHA512
  
  33531c599ea1555b02dd8bd3404bad9882885f6fb1cef398067795f4da68b2a709fa3631a29593db0ca2aa86db689a316786b0ec63a17caa13fa42da37c04503
- SSDEEP
  
  6144:HPY2iMnOIiKeLSOVcn5mh/4FsyTkT/kFjAgk+:wMnZiKeLF05mh/SkT/kFjJ
Score

10^/10

redline goga infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinegogainfostealer

behavioral2

redlinegogainfostealer