General
-
Target
c0cd498092f18a2e1254b0b40fb102aba51a06c5d5fd79bbc13ce86c2a6fb90e
-
Size
767KB
-
Sample
230912-mqzakabg4v
-
MD5
3716b96ff3205c816392f5509ba7949d
-
SHA1
0aea06029f35e687f5b6afda259c74a51c991809
-
SHA256
c0cd498092f18a2e1254b0b40fb102aba51a06c5d5fd79bbc13ce86c2a6fb90e
-
SHA512
81fea7f2a36d8cdc5b30686e7d8ba0f232a778d652793fadd0690b83feac4677d4c387c92cb97031c0b30d4f38e263f3f4908f1ca87b107bddd5ba24db224147
-
SSDEEP
12288:hMrjy90Zcz5Fkg3zZxCQArlQVl37MY2aqOZfZTQzU94lKiJU5:aygg3lxCQLi0qQTQw94lvJc
Static task
static1
Behavioral task
behavioral1
Sample
c0cd498092f18a2e1254b0b40fb102aba51a06c5d5fd79bbc13ce86c2a6fb90e.exe
Resource
win10-20230831-en
Malware Config
Extracted
redline
virad
77.91.124.82:19071
-
auth_value
434dd63619ca8bbf10125913fb40ca28
Targets
-
-
Target
c0cd498092f18a2e1254b0b40fb102aba51a06c5d5fd79bbc13ce86c2a6fb90e
-
Size
767KB
-
MD5
3716b96ff3205c816392f5509ba7949d
-
SHA1
0aea06029f35e687f5b6afda259c74a51c991809
-
SHA256
c0cd498092f18a2e1254b0b40fb102aba51a06c5d5fd79bbc13ce86c2a6fb90e
-
SHA512
81fea7f2a36d8cdc5b30686e7d8ba0f232a778d652793fadd0690b83feac4677d4c387c92cb97031c0b30d4f38e263f3f4908f1ca87b107bddd5ba24db224147
-
SSDEEP
12288:hMrjy90Zcz5Fkg3zZxCQArlQVl37MY2aqOZfZTQzU94lKiJU5:aygg3lxCQLi0qQTQw94lvJc
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1