redline | 17b8852c25b9a44c382f47fc48c37e231b15f7d7652a965acc5bf3536d20d738 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

j8141960.exe
Size

1.0MB
Sample

231011-h574ssbe56
MD5

f9146a1b45cf825140704b85e8850ad8
SHA1

6e580c4a6e706489904c5c84de03753b3a934f8b
SHA256

17b8852c25b9a44c382f47fc48c37e231b15f7d7652a965acc5bf3536d20d738
SHA512

229f610248ffff6b5cc8dc7a0d2135cb3f217959d0aa2c9d51c745a54474958849c4572aea1ecae9a4e840a3f91471d69461d359488e5a83c2adbdf7fb30944a
SSDEEP

12288:+0MIlnqLLU6pkpsDBk4RVExngp/niDolZKd5HduHy/ZkIh4xzcOIA9:+ekU6pkpsDBk4RVx/GM2HnkIh4f9

Score

10^/10

redline gruha infostealer

Malware Config

Extracted

Family

redline

Botnet

gruha

C2

77.91.124.55:19071

Attributes

auth_value
2f4cf2e668a540e64775b27535cc6892

Targets

- Target
  
  j8141960.exe
- Size
  
  1.0MB
- MD5
  
  f9146a1b45cf825140704b85e8850ad8
- SHA1
  
  6e580c4a6e706489904c5c84de03753b3a934f8b
- SHA256
  
  17b8852c25b9a44c382f47fc48c37e231b15f7d7652a965acc5bf3536d20d738
- SHA512
  
  229f610248ffff6b5cc8dc7a0d2135cb3f217959d0aa2c9d51c745a54474958849c4572aea1ecae9a4e840a3f91471d69461d359488e5a83c2adbdf7fb30944a
- SSDEEP
  
  12288:+0MIlnqLLU6pkpsDBk4RVExngp/niDolZKd5HduHy/ZkIh4xzcOIA9:+ekU6pkpsDBk4RVx/GM2HnkIh4f9
Score

10^/10

redline gruha infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

redlinegruhainfostealer

behavioral2

redlinegruhainfostealer