General
-
Target
4e57802c581a0e6436eec84d5b55079b6aee18faebeed01bceb30d7f94b71d47
-
Size
769KB
-
Sample
230912-ldymtsea24
-
MD5
e967289514a47e6e27a61dad9171e617
-
SHA1
10859701befd36dc7da2f0a5f512b44eec53854c
-
SHA256
4e57802c581a0e6436eec84d5b55079b6aee18faebeed01bceb30d7f94b71d47
-
SHA512
aac36857a542f0f56ce4eaa5e6cf0396b9b70b067cb284357939ed2d1b0a6d91ec57cf46e4b554bad3d55b74c940372fb81950bebccfe48d02da632560442b43
-
SSDEEP
12288:EMr1y90tntQH1SPNjHGixT0ibzn5cX+1uaChN2sCQ9HOmbjuMKbrWUIKnAkue9Zq:xyaqVkxtPnN4N2fQ9H/uMK+XwA4b4
Static task
static1
Behavioral task
behavioral1
Sample
4e57802c581a0e6436eec84d5b55079b6aee18faebeed01bceb30d7f94b71d47.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
redline
virad
77.91.124.82:19071
-
auth_value
434dd63619ca8bbf10125913fb40ca28
Targets
-
-
Target
4e57802c581a0e6436eec84d5b55079b6aee18faebeed01bceb30d7f94b71d47
-
Size
769KB
-
MD5
e967289514a47e6e27a61dad9171e617
-
SHA1
10859701befd36dc7da2f0a5f512b44eec53854c
-
SHA256
4e57802c581a0e6436eec84d5b55079b6aee18faebeed01bceb30d7f94b71d47
-
SHA512
aac36857a542f0f56ce4eaa5e6cf0396b9b70b067cb284357939ed2d1b0a6d91ec57cf46e4b554bad3d55b74c940372fb81950bebccfe48d02da632560442b43
-
SSDEEP
12288:EMr1y90tntQH1SPNjHGixT0ibzn5cX+1uaChN2sCQ9HOmbjuMKbrWUIKnAkue9Zq:xyaqVkxtPnN4N2fQ9H/uMK+XwA4b4
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1