Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    j1874993.exe

  • Size

    390KB

  • Sample

    231004-hxwqsshg6y

  • MD5

    917a092ad987565a5dc7994215a7bc4c

  • SHA1

    ab1ded1f85f73d5d4213c63d75690be715365e3a

  • SHA256

    b9db7b13ef839cf02efebdee5b78555f202c21d69380e3486b182a7399c02f22

  • SHA512

    cea17eec1063bef6f683bee8d6f544ee46ab1ae5b8cb366a901f74cd31aa015574903d339cea3283957250710e6cfca8e31432e4b403d5460645a47d8e9184e2

  • SSDEEP

    6144:/KXFo/N5ExgFbNOUAHEHIXbLvZAOAiQyhWHf5QPd4mFCN73Vs0BC+:cwDExgFY5vx+iQyQHf5QPdtCdFs0BC+

Score
10/10
redlinegruhainfostealer

Malware Config

Extracted

Family

redline

Botnet

gruha

C2

77.91.124.55:19071

Attributes
  • auth_value

    2f4cf2e668a540e64775b27535cc6892

Targets

    • Target

      j1874993.exe

    • Size

      390KB

    • MD5

      917a092ad987565a5dc7994215a7bc4c

    • SHA1

      ab1ded1f85f73d5d4213c63d75690be715365e3a

    • SHA256

      b9db7b13ef839cf02efebdee5b78555f202c21d69380e3486b182a7399c02f22

    • SHA512

      cea17eec1063bef6f683bee8d6f544ee46ab1ae5b8cb366a901f74cd31aa015574903d339cea3283957250710e6cfca8e31432e4b403d5460645a47d8e9184e2

    • SSDEEP

      6144:/KXFo/N5ExgFbNOUAHEHIXbLvZAOAiQyhWHf5QPd4mFCN73Vs0BC+:cwDExgFY5vx+iQyQHf5QPdtCdFs0BC+

    Score
    10/10
    redlinegruhainfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks