General

Target: 26f89db7b979a760017e00dd81cba03bd52daaf4f2a2b892e47af1bfbc42f38c
Size: 768KB
Sample: 230912-lazqqadh67
MD5: afc1ec485f3eb64554901d0334594064
SHA1: 25ce6bf78c68c5031f510a2bdf7c6fb5f63b3a42
SHA256: 26f89db7b979a760017e00dd81cba03bd52daaf4f2a2b892e47af1bfbc42f38c
SHA512: 89b6ed98d1a7032edc5a413aa674d344af98a0d425a1de200cfb07b7b70ceef4ab65415a762cb39e0fd55151e90ef0ce6473d37c7a6b9fe1d501dc68bc618a2b
SSDEEP: 12288:DMrDy90S+N7IkX5BAV6szR4YvBUu/wkVFFMN8hL15dr7bu6BGMryc:cyZOX5B26WR4Ku0wU08n/7bu/c
Static task: static1
Behavioral task: behavioral1
Sample: 26f89db7b979a760017e00dd81cba03bd52daaf4f2a2b892e47af1bfbc42f38c.exe
Resource: win10v2004-20230831-en

Malware Config (Extracted)

Family: redline
Botnet: virad
C2: 77.91.124.82:19071
auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets

Target: 26f89db7b979a760017e00dd81cba03bd52daaf4f2a2b892e47af1bfbc42f38c
Size: 768KB
MD5: afc1ec485f3eb64554901d0334594064
SHA1: 25ce6bf78c68c5031f510a2bdf7c6fb5f63b3a42
SHA256: 26f89db7b979a760017e00dd81cba03bd52daaf4f2a2b892e47af1bfbc42f38c
SHA512: 89b6ed98d1a7032edc5a413aa674d344af98a0d425a1de200cfb07b7b70ceef4ab65415a762cb39e0fd55151e90ef0ce6473d37c7a6b9fe1d501dc68bc618a2b
SSDEEP: 12288:DMrDy90S+N7IkX5BAV6szR4YvBUu/wkVFFMN8hL15dr7bu6BGMryc:cyZOX5B26WR4Ku0wU08n/7bu/c

Signatures:
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence:
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)