General
-
Target
c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5
-
Size
769KB
-
Sample
230912-m1hqkaed78
-
MD5
baac7bc6698e5bee7dbc5d0cfb419149
-
SHA1
0048b2f882271bec2a2f51b00969e3d13dfb79f8
-
SHA256
c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5
-
SHA512
a5ffaea9abcf9c37627d47af6ed1b1c393d0cddb3b83be89dc6ddca68bbdf91a4d2696982a36a48b4a6d7d7e4afdfaa6b1f576c80ad42ef91bf4993d566931a9
-
SSDEEP
12288:hMrdy908L4Mvc62NQ1uZ1joZoIvpR1pTvZFE+fqct0Rn5X6r9v+N3SdDaNGJ:kyN4CciuZhoZrvrBy2qctcRM0CdoGJ
Static task
static1
Behavioral task
behavioral1
Sample
c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5.exe
Resource
win10-20230831-en
Malware Config
Extracted
Family
redline
Botnet
lada
C2
77.91.124.82:19071
-
auth_value
252f78fed0684205b098417688fa33e2
Targets
-
Target
c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5
-
Size
769KB
-
MD5
baac7bc6698e5bee7dbc5d0cfb419149
-
SHA1
0048b2f882271bec2a2f51b00969e3d13dfb79f8
-
SHA256
c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5
-
SHA512
a5ffaea9abcf9c37627d47af6ed1b1c393d0cddb3b83be89dc6ddca68bbdf91a4d2696982a36a48b4a6d7d7e4afdfaa6b1f576c80ad42ef91bf4993d566931a9
-
SSDEEP
12288:hMrdy908L4Mvc62NQ1uZ1joZoIvpR1pTvZFE+fqct0Rn5X6r9v+N3SdDaNGJ:kyN4CciuZhoZrvrBy2qctcRM0CdoGJ
-
Detects Healer, an antivirus-disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
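The report above gives three things a defender can act on: the sample's hashes, the extracted RedLine C2 endpoint 77.91.124.82:19071, and the observed persistence behaviour (a Run key written by a dropped executable, mapped to T1547.001, with T1543.003 also flagged). The script below is an added example, not part of the sandbox report or of any vendor tooling, that turns those indicators into detection logic and runs it over a handful of constructed Sysmon-style events (process creation, registry value set, network connection). The event dictionaries, the lab user name, and the dropped file name `dropped.exe` are invented for illustration; only the hashes and the C2 address come from the report.

```python
import re

# Indicators taken from the sandbox report above
SAMPLE_SHA256 = "c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5"
SAMPLE_SHA1 = "0048b2f882271bec2a2f51b00969e3d13dfb79f8"
SAMPLE_MD5 = "baac7bc6698e5bee7dbc5d0cfb419149"
C2_ENDPOINT = ("77.91.124.82", 19071)

# Registry paths that implement the two persistence techniques the report maps
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
SERVICE_KEY_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\(ImagePath|Start)$",
    re.IGNORECASE)


def parse_hashes(field):
    """Sysmon writes hashes as 'SHA1=...,MD5=...,SHA256=...'; return {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            out[algo.strip().upper()] = value.strip().lower()
    return out


def match_event(ev):
    """Return a list of (rule_name, tag) hits for one Sysmon-style event dict."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation: does the image match the reported sample?
        h = parse_hashes(ev.get("Hashes", ""))
        if (h.get("SHA256") == SAMPLE_SHA256 or h.get("SHA1") == SAMPLE_SHA1
                or h.get("MD5") == SAMPLE_MD5):
            hits.append(("known_redline_sample", "hash match"))
    elif eid == 13:  # registry value set: Run key or service ImagePath/Start
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(("run_key_persistence", "T1547.001"))
        if SERVICE_KEY_RE.search(target):
            hits.append(("service_persistence", "T1543.003"))
    elif eid == 3:  # network connection: exact C2 host:port from the extracted config
        dest = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
        if dest == C2_ENDPOINT:
            hits.append(("redline_c2_connection", "C2 77.91.124.82:19071"))
    return hits


def hunt(events):
    """Run every rule over every event; return one finding per hit, in event order."""
    findings = []
    for idx, ev in enumerate(events):
        for rule, tag in match_event(ev):
            findings.append({"event_index": idx, "rule": rule, "tag": tag,
                             "image": ev.get("Image")})
    return findings


# Constructed events (assumption: not taken from the report) mimicking Sysmon fields.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Users\lab\Desktop\c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5.exe",
     "Hashes": "SHA1=0048B2F882271BEC2A2F51B00969E3D13DFB79F8,"
               "MD5=BAAC7BC6698E5BEE7DBC5D0CFB419149,"
               "SHA256=C9845CF733BE563B278DC2761904AB27EFB014D703CDFE9C6A78CFA184CDBCE5"},
    {"EventID": 13, "Image": r"C:\Users\lab\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\lab\AppData\Local\Temp\dropped.exe"},
    {"EventID": 3, "Image": r"C:\Users\lab\AppData\Local\Temp\dropped.exe",
     "DestinationIp": "77.91.124.82", "DestinationPort": "19071"},
    # benign noise that must not fire
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "13.107.4.52", "DestinationPort": "443"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"event {f['event_index']}: {f['rule']} [{f['tag']}] image={f['image']}")
```

The hash rule only catches this exact build; the Run-key and C2 rules are the ones worth keeping, since RedLine operators rotate binaries far more often than infrastructure. Hash comparison is case-normalised because Sysmon emits upper-case hex while most reports publish lower-case.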