redline | 23ef5603149192e189998331bb9b43be07b0f97f258b517984b72bb47c1b2603 | Triage

Sharing

General

Target

j4022667.exe
Size

390KB
Sample

231004-hyll8abg33
MD5

4d8051a1ad2c9628e90f988da2b32b1b
SHA1

9bbd298aff71e744b6ad5c865becf0e152c68a89
SHA256

23ef5603149192e189998331bb9b43be07b0f97f258b517984b72bb47c1b2603
SHA512

728416fcc46c4a2d3ef4809f1d85d46bb137f2801a12168b61ca38f0e7a35cc12ef49be389943bb75aea971c2c8131a7a95e1b1ee26840dace370eb576105519
SSDEEP

6144:T9XFo/N5ExgFbNOUAHEHIXbLvZAOzz1jk4eUq9+GcVs0BC+:PwDExgFY5vxQ1UqcJs0BC+

Score

10^/10

redline gruha infostealer

Malware Config

Extracted

Family

redline

Botnet

gruha

C2

77.91.124.55:19071

Attributes

auth_value
2f4cf2e668a540e64775b27535cc6892

Targets

- Target
  
  j4022667.exe
- Size
  
  390KB
- MD5
  
  4d8051a1ad2c9628e90f988da2b32b1b
- SHA1
  
  9bbd298aff71e744b6ad5c865becf0e152c68a89
- SHA256
  
  23ef5603149192e189998331bb9b43be07b0f97f258b517984b72bb47c1b2603
- SHA512
  
  728416fcc46c4a2d3ef4809f1d85d46bb137f2801a12168b61ca38f0e7a35cc12ef49be389943bb75aea971c2c8131a7a95e1b1ee26840dace370eb576105519
- SSDEEP
  
  6144:T9XFo/N5ExgFbNOUAHEHIXbLvZAOzz1jk4eUq9+GcVs0BC+:PwDExgFY5vxQ1UqcJs0BC+
Score

10^/10

redline gruha infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinegruhainfostealer

behavioral2

redlinegruhainfostealer