General
Target: 1747c4946fcda52a3b7a52cb3fed735a9dc1510a4654cee0f9dfa6ea2ecca160
Size: 767KB
Sample: 230912-mgcefaec88
MD5: d3007354f337b6ce3c06b3aed11d512b
SHA1: 39a88742b5050181dd9022c4fd7e1588107e045e
SHA256: 1747c4946fcda52a3b7a52cb3fed735a9dc1510a4654cee0f9dfa6ea2ecca160
SHA512: edb23d62558f564cac1fdf8e9c0fd05342a7094f737abe0ee6fbd66efecc21d69a34e77330bf084a9cccc7247588de3f805663eea6797a91a11648b036e4406b
SSDEEP: 12288:mMrPy90a8xg8LjqUtELa4C0Wbg0jRuw6WDdGab3nT1ogBA1H9a:RyJ6jq4EC0KRjRVdTbyk
Static task: static1
Behavioral task: behavioral1
Sample: 1747c4946fcda52a3b7a52cb3fed735a9dc1510a4654cee0f9dfa6ea2ecca160.exe
Resource: win10v2004-20230831-en
Malware Config
Extracted: redline
Botnet: virad
C2: 77.91.124.82:19071
auth_value: 434dd63619ca8bbf10125913fb40ca28
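The extracted config gives a single C2 socket, which is the most directly actionable indicator on this page. The following added example (not part of the sandbox report) matches Zeek conn.log records against that socket. The log excerpt is constructed to mimic Zeek's tab-separated format; only the address 77.91.124.82 and port 19071 come from the report.

```python
"""Match the C2 extracted from this report against Zeek conn.log records.

Added example, not part of the sandbox report. The log excerpt is constructed;
only the C2 socket comes from the extracted RedLine config.
"""
from dataclasses import dataclass
from ipaddress import ip_address

# Extracted config (report data): RedLine C2 host and port.
REDLINE_C2 = {("77.91.124.82", 19071)}

# Constructed Zeek conn.log excerpt (not real traffic). Zeek emits a '#fields'
# header naming the columns, then one tab-separated record per flow.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state\n"
    "1694500001.123456\tCk3Abc1\t10.0.0.15\t49712\t77.91.124.82\t19071\ttcp\t-\tSF\n"
    "1694500002.654321\tCk3Abc2\t10.0.0.15\t49713\t142.250.74.36\t443\ttcp\tssl\tSF\n"
    "1694500003.000000\tCk3Abc3\t10.0.0.22\t51000\t77.91.124.82\t80\ttcp\thttp\tSF\n"
    "1694500004.000000\tCk3Abc4\t10.0.0.31\t49800\t77.91.124.82\t19071\ttcp\t-\tSF\n"
)


@dataclass(frozen=True)
class C2Hit:
    uid: str
    orig_h: str
    resp_h: str
    resp_p: int


def parse_conn_log(text):
    """Yield one dict per record, keyed by the names in the '#fields' header.

    Records seen before a header, or with the wrong column count, are skipped
    rather than guessed at.
    """
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if fields is None or len(parts) != len(fields):
            continue
        yield dict(zip(fields, parts))


def find_c2_hits(text, c2=REDLINE_C2, host_only=False):
    """Return flows whose responder matches a configured C2 socket.

    host_only=True widens the match to any port on a C2 host, which helps when
    the operator rotates ports but is noisier on shared hosting.
    """
    hosts = {h for h, _ in c2}
    hits = []
    for rec in parse_conn_log(text):
        try:
            resp_h = str(ip_address(rec["id.resp_h"]))
            resp_p = int(rec["id.resp_p"])
        except (KeyError, ValueError):
            continue  # malformed record; never let it masquerade as a match
        if (resp_h, resp_p) in c2 or (host_only and resp_h in hosts):
            hits.append(C2Hit(rec["uid"], rec["id.orig_h"], resp_h, resp_p))
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_CONN_LOG):
        print(f"{hit.orig_h} -> {hit.resp_h}:{hit.resp_p} (uid {hit.uid})")
```

With the default socket match, the constructed log yields two hits (two internal hosts talking to 77.91.124.82:19071); the flow to port 80 on the same address is only reported with host_only=True, which is the trade-off to make consciously when the C2 sits on shared infrastructure.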
Targets
Target: 1747c4946fcda52a3b7a52cb3fed735a9dc1510a4654cee0f9dfa6ea2ecca160
Detects Healer, an antivirus disabler dropper
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext
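Read together, the behavioural signatures above describe a familiar chain: the sample writes a second executable and runs it, the child persists through a Run key and writes under System32, and a cross-process SetThreadContext call is the classic step of process hollowing (ATT&CK T1055.012). The following added example (not the sandbox's own signature logic) shows how those signatures can be correlated from an event trace. The trace, PIDs, paths and process names are constructed for illustration and are not artefacts observed from this sample.

```python
"""Correlate sandbox-style events into the behavioural signatures listed in
this report: executes dropped EXE, adds Run key, drops file in System32, and
a cross-process SetThreadContext call.

Added example, not the sandbox's own signature logic. The event trace, PIDs,
paths and process names below are constructed and are not artefacts of the
sample in the report.
"""
import re

# Matches ...\Microsoft\Windows\CurrentVersion\Run and RunOnce under any hive,
# including the WOW6432Node view, which a 'Software\Microsoft' prefix would miss.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)

# Constructed event trace (ad hoc field names, not a real sandbox schema).
SAMPLE_EVENTS = [
    {"seq": 1, "type": "process_create", "pid": 1001, "ppid": 600,
     "image": r"C:\Users\user\Desktop\sample.exe"},
    {"seq": 2, "type": "file_write", "pid": 1001,
     "path": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"seq": 3, "type": "process_create", "pid": 1002, "ppid": 1001,
     "image": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"seq": 4, "type": "reg_set", "pid": 1002,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "stage2", "data": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"seq": 5, "type": "file_write", "pid": 1002,
     "path": r"C:\Windows\System32\Tasks\stage2"},
    {"seq": 6, "type": "process_create", "pid": 1003, "ppid": 1002,
     "image": r"C:\Windows\System32\legit_host.exe"},  # invented host name
    {"seq": 7, "type": "api_call", "pid": 1002, "api": "SetThreadContext",
     "target_pid": 1003},
    # Benign noise: an editor saving a document, and a process touching its
    # own thread context (normal for debuggers and managed runtimes).
    {"seq": 8, "type": "file_write", "pid": 2000,
     "path": r"C:\Users\user\Documents\notes.txt"},
    {"seq": 9, "type": "api_call", "pid": 2000, "api": "SetThreadContext",
     "target_pid": 2000},
]


def detect(events):
    """Return (signature, pid, detail) tuples in event order.

    'Executes dropped EXE' is stateful: an .exe written by one process that
    later becomes the image of a new process is attributed to the writer.
    'Suspicious use of SetThreadContext' only fires across process boundaries.
    """
    findings = []
    written_exes = {}  # lower-cased path -> pid that wrote it
    for ev in sorted(events, key=lambda e: e["seq"]):
        kind = ev["type"]
        if kind == "file_write":
            path = ev["path"]
            if path.lower().endswith(".exe"):
                written_exes[path.lower()] = ev["pid"]
            if SYSTEM32_RE.match(path):
                findings.append(("Drops file in System32 directory", ev["pid"], path))
        elif kind == "process_create":
            dropper = written_exes.get(ev["image"].lower())
            if dropper is not None:
                findings.append(("Executes dropped EXE", dropper, ev["image"]))
        elif kind == "reg_set":
            if RUN_KEY_RE.search(ev["key"]):  # ATT&CK T1547.001
                detail = f'{ev["key"]}\\{ev["name"]} = {ev["data"]}'
                findings.append(("Adds Run key to start application", ev["pid"], detail))
        elif kind == "api_call":
            target = ev.get("target_pid")
            if ev["api"] == "SetThreadContext" and target not in (None, ev["pid"]):
                findings.append(("Suspicious use of SetThreadContext", ev["pid"],
                                 f"target pid {target}"))
    return findings


if __name__ == "__main__":
    for sig, pid, detail in detect(SAMPLE_EVENTS):
        print(f"[pid {pid}] {sig}: {detail}")
```

On the constructed trace this produces exactly the four behavioural signatures the report lists, attributes the dropped-EXE execution to the dropper rather than the child, and stays silent on the benign events. The same-process SetThreadContext call is deliberately ignored: the cross-process condition is what separates hollowing from ordinary debugger or runtime activity.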
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1): Windows Service (1)
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)