General
Target: b8fb80952ef3c32d03508d43332aad163f8e78dd7122095b477df50f24528aa6
Size: 768KB
Sample: 230912-lnjxesbd8y
MD5: d1d1d03b56c11db3f0edf632dd324f1d
SHA1: 8fc63b36bef14c5d2eca1a8307c64ad223c165fc
SHA256: b8fb80952ef3c32d03508d43332aad163f8e78dd7122095b477df50f24528aa6
SHA512: 3784d8803fdef678c2ce2f11f3a9f511b99a7c1c6970c5b196064e0518a22e1ebc9475d32da13239eb587b87fb2e1ea71472e9204e199c67e090e9ecd818c0a9
SSDEEP: 24576:PygFhrj59x91Hg2z0MLOgT93FZOy0s6saHI:agH5fAaegT93Vw
Static task: static1
Behavioral task: behavioral1
Sample: b8fb80952ef3c32d03508d43332aad163f8e78dd7122095b477df50f24528aa6.exe
Resource: win10v2004-20230831-en
Malware Config
Extracted
Family: redline
virad
77.91.124.82:19071
auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)