General
-
Target
54ead869ce9ba38af86619bfe4ca3d8ee02f5db7090224ae0035ed534811c897
-
Size
505KB
-
Sample
230816-egf4maha2s
-
MD5
23a107a1fe6ee986f4721ec19f136399
-
SHA1
a00ed93e9bd11a00a6061b8429df24f8df4f61e1
-
SHA256
54ead869ce9ba38af86619bfe4ca3d8ee02f5db7090224ae0035ed534811c897
-
SHA512
f660d8e17f2a24f990a6c18ce89435ec2fd8572b9b21abdc04f6c6d1a8e88b7f1d185c89be5b8ffb875c7f6cbfa8a406d367e9767d48bc59d71561b3d8dac0f2
-
SSDEEP
12288:XMrIy90P5Uwb3usu2e1fhAXMQIdfDCILlLAs1EVh9uv:fy8fb3QMMu9S
Static task
static1
Behavioral task
behavioral1
Sample
54ead869ce9ba38af86619bfe4ca3d8ee02f5db7090224ae0035ed534811c897.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
redline
dava
77.91.124.54:19071
-
auth_value
3ce5222c1baaa06681dfe0012ce1de23
Targets
-
-
Target
54ead869ce9ba38af86619bfe4ca3d8ee02f5db7090224ae0035ed534811c897
-
Size
505KB
-
MD5
23a107a1fe6ee986f4721ec19f136399
-
SHA1
a00ed93e9bd11a00a6061b8429df24f8df4f61e1
-
SHA256
54ead869ce9ba38af86619bfe4ca3d8ee02f5db7090224ae0035ed534811c897
-
SHA512
f660d8e17f2a24f990a6c18ce89435ec2fd8572b9b21abdc04f6c6d1a8e88b7f1d185c89be5b8ffb875c7f6cbfa8a406d367e9767d48bc59d71561b3d8dac0f2
-
SSDEEP
12288:XMrIy90P5Uwb3usu2e1fhAXMQIdfDCILlLAs1EVh9uv:fy8fb3QMMu9S
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1