Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

j3405793.exe
Size

399KB
Sample

230919-hm18jafd5t
MD5

11dbb5b629e4e609f737591f4842389e
SHA1

75bbb1243da988a5f5282ace12a42c12dd3eda16
SHA256

d2a009b0a6e8103314d32782aa1510615a6b5ed1d996fea9aaa46c49d2abb1b1
SHA512

8f8fd4fe1eb184244bcf10fd1166f60e49fd1f72fc2e9bea442dc769f722c75a4067baf511de007429e424d8798243e2184e520f98df88fd725733461556e65f
SSDEEP

6144:Ng5jEL2jicP5iOo2T8VrSd/sUAODcl0cxOSFKVu7I8F51Sa:Ng5eqiG59ouBcucxOSI0F51Sa

Score

10^/10

redline prets infostealer

Malware Config

Extracted

Family

redline

Botnet

prets

C2

77.91.124.82:19071

Attributes

auth_value
44ee9617e145f5ca73d49c1a4a0c2e34

Targets

- Target
  
  j3405793.exe
- Size
  
  399KB
- MD5
  
  11dbb5b629e4e609f737591f4842389e
- SHA1
  
  75bbb1243da988a5f5282ace12a42c12dd3eda16
- SHA256
  
  d2a009b0a6e8103314d32782aa1510615a6b5ed1d996fea9aaa46c49d2abb1b1
- SHA512
  
  8f8fd4fe1eb184244bcf10fd1166f60e49fd1f72fc2e9bea442dc769f722c75a4067baf511de007429e424d8798243e2184e520f98df88fd725733461556e65f
- SSDEEP
  
  6144:Ng5jEL2jicP5iOo2T8VrSd/sUAODcl0cxOSFKVu7I8F51Sa:Ng5eqiG59ouBcucxOSI0F51Sa
Score

10^/10

redline prets infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinepretsinfostealer

behavioral2

redlinepretsinfostealer