redline | a09a8f63ea1e5aa0da9567588c9a9f6b8c5f587a24ce603612b9aebc31637f66 | Triage

Sharing

General

Target

j3160085.exe
Size

390KB
Sample

231004-hx5cyahg7w
MD5

4b307137183cd33be6ac81af694721ba
SHA1

ba1c9d62e7e97447c9c140e0df9574b1f9705a78
SHA256

a09a8f63ea1e5aa0da9567588c9a9f6b8c5f587a24ce603612b9aebc31637f66
SHA512

e5e3d8203f8801f698a1006f7976041219efb0269b63e5f714041488a3a302adcce5c22f221f2b5e349cdec2d4bf1e2520ead1b9606f0ace44c51c6875b1a3d8
SSDEEP

6144:YvXFo/N5ExgFbNOUAHEHIXbLvZAOixYPdgz0Tjxdy8MVs0BC+:IwDExgFY5vx0xudG0/q8Is0BC+

Score

10^/10

redline gruha infostealer

Malware Config

Extracted

Family

redline

Botnet

gruha

C2

77.91.124.55:19071

Attributes

auth_value
2f4cf2e668a540e64775b27535cc6892

Targets

- Target
  
  j3160085.exe
- Size
  
  390KB
- MD5
  
  4b307137183cd33be6ac81af694721ba
- SHA1
  
  ba1c9d62e7e97447c9c140e0df9574b1f9705a78
- SHA256
  
  a09a8f63ea1e5aa0da9567588c9a9f6b8c5f587a24ce603612b9aebc31637f66
- SHA512
  
  e5e3d8203f8801f698a1006f7976041219efb0269b63e5f714041488a3a302adcce5c22f221f2b5e349cdec2d4bf1e2520ead1b9606f0ace44c51c6875b1a3d8
- SSDEEP
  
  6144:YvXFo/N5ExgFbNOUAHEHIXbLvZAOixYPdgz0Tjxdy8MVs0BC+:IwDExgFY5vx0xudG0/q8Is0BC+
Score

10^/10

redline gruha infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinegruhainfostealer

behavioral2

redlinegruhainfostealer