Resubmissions

  • 13-11-2023 22:04: 231113-1yw23afg53 10

  • 15-04-2022 07:01: 220415-hs782adef5 10

General

  • Target

    AutoInstall.exe

  • Size

    1.8MB

  • Sample

    231113-1yw23afg53

  • MD5

    d22dea0339065ec05cccf525b72a7b12

  • SHA1

    fb73af59c4498f28ffd714d467551ec465b77d7d

  • SHA256

    92cf7bd32bc8125a758cafd97fc06559994b57ed94f641f74f2da07de284aff3

  • SHA512

    9b947179aac2233f83e24f5892aeeba2aa2240f5bf32d323395e712ae02844b04e56abbea16e6e7c34559b7a4ad5ab53a9049bf6eb2a31cbcb59be180dfde573

  • SSDEEP

    49152:8LJyCp/gah3h6AS6UFfrHDu7kLNKxe1iuIy8EpDOPSFVF6:8Nb1V5S3rHDugLNKxAgiOPqi

Malware Config

Extracted

Family

redline

Botnet

@SDSAads2

C2

104.168.44.52:80

Attributes

  • auth_value

    589d0e9314616e09f68efd12b2086ab8

Targets

    • Target

      AutoInstall.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Suspicious use of SetThreadContext
