General
- Target: 2c4f307ad8a86c73c59ff8603ea00f2acd81acc1582c361454dd3046542112c7
- Size: 767KB
- Sample: 230912-majvyaec49
- MD5: 7a392249c4d4b66db32f15beea6ef90a
- SHA1: 49149588d496795fd5b4b09be9ae5ac2d005dfff
- SHA256: 2c4f307ad8a86c73c59ff8603ea00f2acd81acc1582c361454dd3046542112c7
- SHA512: 928c0a4d4b912c55041c3ec1a13a9e919eee77d8dfe820c5e018fa59d3556dad4a8af2a8650f368c9fd86e0ddc5b1daaf8299f0c896a3cae9374c09ea002aade
- SSDEEP: 12288:1Mrhy90PhlKp1eOa+ye9L+s52acgCYN/wFF4p/5SMMcWjz:oyGUda+ysLLRNMF4eMEz
Static task: static1
Behavioral task: behavioral1
- Sample: 2c4f307ad8a86c73c59ff8603ea00f2acd81acc1582c361454dd3046542112c7.exe
- Resource: win10v2004-20230831-en

Malware Config
Extracted
- redline
- virad
- 77.91.124.82:19071
- auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets
- Target: 2c4f307ad8a86c73c59ff8603ea00f2acd81acc1582c361454dd3046542112c7
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)