General

  • Target

    53661074d0a6b4e280ebac14d61444984eb1513dd4a63e32d077d291f2167549.exe

  • Size

    203KB

  • Sample

    241121-earlsayhnl

  • MD5

    f22739fd155f021421ffe74f053a4507

  • SHA1

    84744009bf109831025c1ac0262749f23c3f29c6

  • SHA256

    53661074d0a6b4e280ebac14d61444984eb1513dd4a63e32d077d291f2167549

  • SHA512

    7de9b4997fd205b135d042d6a65df7d4a008f10be41a75d55688c7dc4e14902186e9f88fc4a68d6ef60696b2c15b3a53c7d118de24f217c03e55de9f981cbe0e

  • SSDEEP

    3072:Lma2Tw13jglOswfrLya3ApH+CNekWJnU0mPjd76ootSc/3smYMXrv:Ln2J1wfrLyaIeCNpWOPjd4BEdu

Malware Config

Extracted

Family

redline

C2

37.252.9.247:37711

Attributes
  • auth_value

    026e3efe08173cd9cc43c61448ed20f6

Targets

    • Target

      53661074d0a6b4e280ebac14d61444984eb1513dd4a63e32d077d291f2167549.exe

    • Size

      203KB

    • MD5

      f22739fd155f021421ffe74f053a4507

    • SHA1

      84744009bf109831025c1ac0262749f23c3f29c6

    • SHA256

      53661074d0a6b4e280ebac14d61444984eb1513dd4a63e32d077d291f2167549

    • SHA512

      7de9b4997fd205b135d042d6a65df7d4a008f10be41a75d55688c7dc4e14902186e9f88fc4a68d6ef60696b2c15b3a53c7d118de24f217c03e55de9f981cbe0e

    • SSDEEP

      3072:Lma2Tw13jglOswfrLya3ApH+CNekWJnU0mPjd76ootSc/3smYMXrv:Ln2J1wfrLyaIeCNpWOPjd4BEdu

    • Gurcu family

    • Gurcu, WhiteSnake

      Gurcu is a malware stealer written in C#.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks