General
-
Target
7c45815cf79b77dd1c2067b2a7d2cc51a27269173ee20a76b464579bdad66330
-
Size
769KB
-
Sample
230912-lvn5qaeb56
-
MD5
2792d086a93b9cd8cde1c83c679093f7
-
SHA1
70c8b704ad8e49398628c3d5adc33295ea4c7a9d
-
SHA256
7c45815cf79b77dd1c2067b2a7d2cc51a27269173ee20a76b464579bdad66330
-
SHA512
c392f320bf15e2a2673ccb630655df5e3d46495ea230b46553b7dba39df34ad5af72d8644f1547ad845fa96663be58087c38155ae83100124fed4b25e78249ca
-
SSDEEP
12288:PMrwy909JmWmomr5h7ThgbifJ11zcnsxfSGaaij8x2PMHg/DO07/BB+:7y6tmt1ThgeBzAnYbtivOs/K
Static task
static1
Behavioral task
behavioral1
Sample
7c45815cf79b77dd1c2067b2a7d2cc51a27269173ee20a76b464579bdad66330.exe
Resource
win10-20230831-en
Malware Config
Extracted
redline
virad
77.91.124.82:19071
-
auth_value
434dd63619ca8bbf10125913fb40ca28
Targets
-
Detects Healer, an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: Windows Service (1)
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)