General

Target: 6354d05750849acc95a512499319f9b74dbd0c38cce3fb2e53dc5f1ed813e871
Size: 826KB
Sample: 230824-eh6exabd5y
MD5: afc5ca8d920d744ec23a729e7b70a0d7
SHA1: 91c7e5d37b1d8de49a8c52200fc49479beba8803
SHA256: 6354d05750849acc95a512499319f9b74dbd0c38cce3fb2e53dc5f1ed813e871
SHA512: 27d895c9e2495fe7feb5dce652115375f07cb19bada1b7131c92a49b8980de8d48813211386bf67658160e9ac26d8332fa0d9c03e759c975dae99ad11a5c3928
SSDEEP: 24576:3ywQPEHrTcSULexEjoaiI7gbwZtJvk1zz8:CwQMHrQTQp2MunvkZ
Static task: static1
Behavioral task: behavioral1
Sample: 6354d05750849acc95a512499319f9b74dbd0c38cce3fb2e53dc5f1ed813e871.exe
Resource: win10v2004-20230703-en
Malware Config

Extracted
Family: redline
Botnet: rwan
C2: 77.91.124.73:19071
auth_value: 7c40eda5da4f888d6f61befbf947d9fe
Targets

Target: 6354d05750849acc95a512499319f9b74dbd0c38cce3fb2e53dc5f1ed813e871 (826KB; hashes as listed under General)
- Detects Healer, an antivirus-disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder, T1547.001 (1)
- Create or Modify System Process (1): Windows Service, T1543.003 (1)
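As an added example that is not part of this sandbox report, the script below turns the report's indicators into a small hunting check run over log lines. Only the sample SHA256, the extracted C2 address 77.91.124.73:19071 and the Run-key persistence behaviour come from the report; the key=value log layout, the file paths, the registry SID and the second hash are constructed for illustration and are not real telemetry from the analysed run.

```python
import re

# Indicators copied from the report above.
SAMPLE_SHA256 = "6354d05750849acc95a512499319f9b74dbd0c38cce3fb2e53dc5f1ed813e871"
C2_HOST = "77.91.124.73"
C2_PORT = "19071"
# Matches any value written under a ...\CurrentVersion\Run\ key (the "Adds Run key" signature).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)

# Constructed log lines in a simple "key=value|key=value" layout modelled on
# Sysmon event types 1 (process create), 3 (network connect) and 13 (registry
# value set). Paths, the SID and the dropped file's hash are invented.
SAMPLE_LOG = [
    "event=1|image=C:\\Users\\victim\\Downloads\\sample.exe"
    "|parent=C:\\Windows\\explorer.exe|sha256=" + SAMPLE_SHA256,
    "event=1|image=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe"
    "|parent=C:\\Users\\victim\\Downloads\\sample.exe|sha256=" + "f" * 64,
    "event=13|image=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe"
    "|target=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped"
    "|details=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe",
    "event=3|image=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe"
    "|dst=77.91.124.73|dport=19071",
    "event=3|image=C:\\Program Files\\Mozilla Firefox\\firefox.exe|dst=203.0.113.10|dport=443",
]


def parse_event(line):
    """Split one constructed log line into a dict of its key=value fields."""
    fields = {}
    for token in line.split("|"):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def match_iocs(lines):
    """Return (rule, image) findings for every event that matches a report indicator.

    The rules mirror the sandbox signatures: the known sample hash, execution of
    a child spawned by that sample (dropped EXE), Run-key persistence, and a
    connection to the extracted RedLine C2.
    """
    events = [parse_event(line) for line in lines]
    findings = []
    # Process images that carry the sample's hash; their children count as dropped-EXE executions.
    sample_images = {
        e["image"] for e in events
        if e.get("event") == "1" and e.get("sha256") == SAMPLE_SHA256
    }
    for e in events:
        kind, image = e.get("event"), e.get("image", "")
        if kind == "1":
            if e.get("sha256") == SAMPLE_SHA256:
                findings.append(("known_sample_hash", image))
            if e.get("parent") in sample_images:
                findings.append(("executes_dropped_exe", image))
        elif kind == "13" and RUN_KEY_RE.search(e.get("target", "")):
            findings.append(("run_key_persistence", image))
        elif kind == "3" and e.get("dst") == C2_HOST and e.get("dport") == C2_PORT:
            findings.append(("redline_c2_connection", image))
    return findings


if __name__ == "__main__":
    for rule, image in match_iocs(SAMPLE_LOG):
        print(f"{rule}: {image}")
```

The hash and C2 rules are exact matches and will only catch this build; the Run-key and parent-child rules are behavioural and will also fire on other droppers, so treat them as hunting leads that need the surrounding context (parent process, signer, path) before escalating.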