General
Target: 9b8efd3c0885e6fee9d8cdd076cc729e86d37d6befe090f213da09f8b472dc7c
Size: 767KB
Sample: 230912-mndababg3s
MD5: b44a0d8938f306b98a793e637fef57be
SHA1: 83e0cfea8e6a76d269afe33cc0f0fb31717e1f84
SHA256: 9b8efd3c0885e6fee9d8cdd076cc729e86d37d6befe090f213da09f8b472dc7c
SHA512: 95f3bf27d12f5ada95932b4911b75ab53851b1dc6fee64d28788ca5e87205eb1025884b1846e6329754b8cc509da48b18671f720f2ac6d652340ba6eeacfcc67
SSDEEP: 12288:gMrLy90w3cMM1/GiBEjeorRzZpr6BjJods/so84WOj+mRLL3p92d1Ogh4:7yEnAje4tje4ds/s7sP2Bh4
Static task: static1
Behavioral task: behavioral1
Sample: 9b8efd3c0885e6fee9d8cdd076cc729e86d37d6befe090f213da09f8b472dc7c.exe
Resource: win10-20230831-en
Malware Config
Extracted family: redline
Botnet: virad
C2: 77.91.124.82:19071
auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets
Target: 9b8efd3c0885e6fee9d8cdd076cc729e86d37d6befe090f213da09f8b472dc7c
Size: 767KB
MD5: b44a0d8938f306b98a793e637fef57be
SHA1: 83e0cfea8e6a76d269afe33cc0f0fb31717e1f84
SHA256: 9b8efd3c0885e6fee9d8cdd076cc729e86d37d6befe090f213da09f8b472dc7c
SHA512: 95f3bf27d12f5ada95932b4911b75ab53851b1dc6fee64d28788ca5e87205eb1025884b1846e6329754b8cc509da48b18671f720f2ac6d652340ba6eeacfcc67
SSDEEP: 12288:gMrLy90w3cMM1/GiBEjeorRzZpr6BjJods/so84WOj+mRLL3p92d1Ogh4:7yEnAje4tje4ds/s7sP2Bh4
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process: Windows Service (1)
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)