General

Target: 694c63687361528f58c4fd4aa924272185654452b150277379c3196495b7f600
Size: 768KB
Sample: 230912-lgwbwaea53
MD5: fde8ff5bee6f980f83a7ea022f65961f
SHA1: 4533878a3423be7526abd9cb1c41fcf405cf35b3
SHA256: 694c63687361528f58c4fd4aa924272185654452b150277379c3196495b7f600
SHA512: 1523c4c853cf09ef1600f88dcb9f078c5abec163627bea28c21118b642985f927a18def2c009045cdeafde8edf908b63ae0dc542704bea0bf8f9c89578e3dd9e
SSDEEP: 12288:3Mr3y90DzzSU6F1PzZDUWWXB4mXqq0salOwaFiIE2G7N/o78GU/5EF0wlNQ:IyEiVF1PzJWRH+aFe7N/08GUREFFC

Static task: static1
Behavioral task: behavioral1
Sample: 694c63687361528f58c4fd4aa924272185654452b150277379c3196495b7f600.exe
Resource: win10v2004-20230831-en
Malware Config

Extracted
Family: redline
Botnet: virad
C2: 77.91.124.82:19071
auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets

Target: 694c63687361528f58c4fd4aa924272185654452b150277379c3196495b7f600
Size: 768KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General.)
Score: 10/10

- Detects Healer, an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext