General
- Target: 7a1badb466441fd23b1b5d81230a2ab3f2ee0f244ea83d6a07f791e2d2b22e5f
- Size: 768KB
- Sample: 230912-lynclaeb64
- MD5: f63f8dc3b79b70aa89212d7674ac7e9d
- SHA1: 833ecfd96b3c421dc2506f792281077812f1922c
- SHA256: 7a1badb466441fd23b1b5d81230a2ab3f2ee0f244ea83d6a07f791e2d2b22e5f
- SHA512: 569b450048630b6f8b9250577f475e521f214216494950dd005dd65841add8d59adea4f149d8c08e19697873abd72dceb42ef8fad904c9f5bf972e92e5500275
- SSDEEP: 12288:qMrey90EmpXRYVfSuOr8CCa7lp3E6LFgnf2yo5CowyKy4Wtz0ErI+xtpXS:sysFDVhnlpU6B6f2yHpyxtztrI+xy
Static task: static1
Behavioral task: behavioral1
- Sample: 7a1badb466441fd23b1b5d81230a2ab3f2ee0f244ea83d6a07f791e2d2b22e5f.exe
- Resource: win10-20230831-en
Malware Config
Extracted
- Family: redline
- Botnet: virad
- C2: 77.91.124.82:19071
- auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets
- Target: 7a1badb466441fd23b1b5d81230a2ab3f2ee0f244ea83d6a07f791e2d2b22e5f
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)