General
- Target: b02066a1246fab6d1f8a9861681caa5713e5eeac31b2e36a9b293b62a7c88eb2
- Size: 768KB
- Sample: 230912-l4zb2seb88
- MD5: d77d76987b76da6819c3afac90c0a3d8
- SHA1: bded78bc32e2847eeb316b424578620c8ed7d66a
- SHA256: b02066a1246fab6d1f8a9861681caa5713e5eeac31b2e36a9b293b62a7c88eb2
- SHA512: 604f9f22fd61a58117f32e856c855e5f1ba15dd2a6627c916178ff748b1f4b882ce8d2bc52cc6dfad1ce6a5ff71df44a3556555a5749448e15d86c9f3b790813
- SSDEEP: 12288:GMrcy90d+i3V7wUCGlHTSPrvoHogWq6IKhTxASBfoIPEsAV2Gj5H0uyfG7:6ybilk5sHTSPhZIMASGIPU55yfG7
Static task: static1
Behavioral task: behavioral1
- Sample: b02066a1246fab6d1f8a9861681caa5713e5eeac31b2e36a9b293b62a7c88eb2.exe
- Resource: win10v2004-20230831-en
Malware Config
Extracted
- Family: redline
- Botnet: virad
- C2: 77.91.124.82:19071
- auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets
- Target: b02066a1246fab6d1f8a9861681caa5713e5eeac31b2e36a9b293b62a7c88eb2
- Size: 768KB
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)