General

  • Target

    j3638661.exe

  • Size

    384KB

  • Sample

    231011-l36dzahh39

  • MD5

    7c73ccffc9fd1bb94bc20c9047c8bba2

  • SHA1

    2b336775b52f623d8e6dc21f5babd15edb8c42b2

  • SHA256

    009e2c4ccbba2d91a056a0a48d6d6ea03714e76bffe37dc8f714d79a6b30e8e3

  • SHA512

    380fc504d8117a75f80145bfd421b840d12843fb4b9761a8abaa9f8411260eddd26f0da8a3ed362f884f0a213f0e018ed353eaa66e2f6a9dcda990b3f3d46b13

  • SSDEEP

    12288:7TRweSHxzyZg09spUfzMJZVk95wWW6ruUF4S:7eejZgrsW6rv2

Malware Config

Extracted

Family

redline

Botnet

gruha

C2

77.91.124.55:19071

Attributes
  • auth_value

    2f4cf2e668a540e64775b27535cc6892

Targets

    • Target

      j3638661.exe

    • Size

      384KB

    • MD5

      7c73ccffc9fd1bb94bc20c9047c8bba2

    • SHA1

      2b336775b52f623d8e6dc21f5babd15edb8c42b2

    • SHA256

      009e2c4ccbba2d91a056a0a48d6d6ea03714e76bffe37dc8f714d79a6b30e8e3

    • SHA512

      380fc504d8117a75f80145bfd421b840d12843fb4b9761a8abaa9f8411260eddd26f0da8a3ed362f884f0a213f0e018ed353eaa66e2f6a9dcda990b3f3d46b13

    • SSDEEP

      12288:7TRweSHxzyZg09spUfzMJZVk95wWW6ruUF4S:7eejZgrsW6rv2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks