redline | db054b38f91e99a141b7a35adfabc674f692baf91f6f17dab63ae0d6d739bb39 | Triage

Sharing

General

Target

k7748312.exe
Size

419KB
Sample

230912-gw92csdg2y
MD5

eacefc520ab5e68a98e747cb29d618c6
SHA1

c08cf65f0d8735a3dce6e1a23694def8d7294cc9
SHA256

db054b38f91e99a141b7a35adfabc674f692baf91f6f17dab63ae0d6d739bb39
SHA512

161c44bfa3b35a8cde35b7e95b2073a4389101b318d8a17811e198ed97321ec17dd74485e03a5ac1d88c089f73cee7dfff028dc8fa80dc25b255f6061dd433f9
SSDEEP

12288:b22SMiu4Ms436xMhzbimR12rwxjBcL5IpAVd+r7p:b2SiHAa5H

Score

10^/10

redline tuco infostealer

Malware Config

Extracted

Family

redline

Botnet

tuco

C2

77.91.124.82:19071

Attributes

auth_value
dcfeb759bae9232de006fc3a4b34ac53

Targets

- Target
  
  k7748312.exe
- Size
  
  419KB
- MD5
  
  eacefc520ab5e68a98e747cb29d618c6
- SHA1
  
  c08cf65f0d8735a3dce6e1a23694def8d7294cc9
- SHA256
  
  db054b38f91e99a141b7a35adfabc674f692baf91f6f17dab63ae0d6d739bb39
- SHA512
  
  161c44bfa3b35a8cde35b7e95b2073a4389101b318d8a17811e198ed97321ec17dd74485e03a5ac1d88c089f73cee7dfff028dc8fa80dc25b255f6061dd433f9
- SSDEEP
  
  12288:b22SMiu4Ms436xMhzbimR12rwxjBcL5IpAVd+r7p:b2SiHAa5H
Score

10^/10

redline tuco infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinetucoinfostealer

behavioral2

redlinetucoinfostealer