redline | c7388325f0551afadac9dcfa8272e1856bb80eca1a0cf25d2beb8aecdd2b14fa | Triage

Sharing

General

Target

k2031714.exe
Size

419KB
Sample

230912-gxd1baeb79
MD5

f76774f85a46dc76b44790ee40f7b36b
SHA1

4beacf92df7891b3d6a24f7d0c407d5477e891c3
SHA256

c7388325f0551afadac9dcfa8272e1856bb80eca1a0cf25d2beb8aecdd2b14fa
SHA512

77e0e795073f94631981a393707b5b8fa564ba24ab0074eadd987f6810762f81bd2049d60d3e9ec3f207ff96df93e9692d432947eb4d55167c308a9ad171bd82
SSDEEP

6144:gNia2/KMiCQy4bwSjQzL9ois436xMhAOub7LrMLFKdhbl6UnUWgfPstAtiMXY:g32SMiu4Ms436xMhIb4wd3

Score

10^/10

redline tuco infostealer

Malware Config

Extracted

Family

redline

Botnet

tuco

C2

77.91.124.82:19071

Attributes

auth_value
dcfeb759bae9232de006fc3a4b34ac53

Targets

- Target
  
  k2031714.exe
- Size
  
  419KB
- MD5
  
  f76774f85a46dc76b44790ee40f7b36b
- SHA1
  
  4beacf92df7891b3d6a24f7d0c407d5477e891c3
- SHA256
  
  c7388325f0551afadac9dcfa8272e1856bb80eca1a0cf25d2beb8aecdd2b14fa
- SHA512
  
  77e0e795073f94631981a393707b5b8fa564ba24ab0074eadd987f6810762f81bd2049d60d3e9ec3f207ff96df93e9692d432947eb4d55167c308a9ad171bd82
- SSDEEP
  
  6144:gNia2/KMiCQy4bwSjQzL9ois436xMhAOub7LrMLFKdhbl6UnUWgfPstAtiMXY:g32SMiu4Ms436xMhIb4wd3
Score

10^/10

redline tuco infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinetucoinfostealer

behavioral2

redlinetucoinfostealer