General
-
Target
3a8f22ea9247ba12276740888c7a9a8788ce979e8b28264aa64fb310a6e2d31f
-
Size
768KB
-
Sample
230912-lrgw8sea99
-
MD5
31e9f3737fd3f934ce46d6c2099e5243
-
SHA1
54e992452c1e7e0d068d22090541c8eea71049b3
-
SHA256
3a8f22ea9247ba12276740888c7a9a8788ce979e8b28264aa64fb310a6e2d31f
-
SHA512
634108bfebf5b3c2f868df51d0e13bbf1ae539863e29b410a139dcc12376380d1decdcec21406cc73943a5011ea49544bdeda74665ac557dc59ba4091a4f1991
-
SSDEEP
12288:6MrVy90aRBe0s3hBIVTjySblJVsRTWFEHY8cOWtgC+a:fyNRrqBAT2TWFEHY89FC+a
Static task
static1
Behavioral task
behavioral1
Sample
3a8f22ea9247ba12276740888c7a9a8788ce979e8b28264aa64fb310a6e2d31f.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
redline
virad
77.91.124.82:19071
-
auth_value
434dd63619ca8bbf10125913fb40ca28
Targets
-
-
Target
3a8f22ea9247ba12276740888c7a9a8788ce979e8b28264aa64fb310a6e2d31f
-
Size
768KB
-
MD5
31e9f3737fd3f934ce46d6c2099e5243
-
SHA1
54e992452c1e7e0d068d22090541c8eea71049b3
-
SHA256
3a8f22ea9247ba12276740888c7a9a8788ce979e8b28264aa64fb310a6e2d31f
-
SHA512
634108bfebf5b3c2f868df51d0e13bbf1ae539863e29b410a139dcc12376380d1decdcec21406cc73943a5011ea49544bdeda74665ac557dc59ba4091a4f1991
-
SSDEEP
12288:6MrVy90aRBe0s3hBIVTjySblJVsRTWFEHY8cOWtgC+a:fyNRrqBAT2TWFEHY89FC+a
-
Detects Healer, an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)