General
Target: f0e01291507ed1aabbed81fa5a41fcf61afcc96d4ae7d29e12586a4a692ae4fe
Size: 768KB
Sample: 230912-mt6h2sed48
MD5: 2e738f7057a29a055b7e052df93b05e2
SHA1: 06321bd371910c697fd420fef8d5e5a91856783c
SHA256: f0e01291507ed1aabbed81fa5a41fcf61afcc96d4ae7d29e12586a4a692ae4fe
SHA512: 96b586d3dca5db8354216bf9e4cea2aa1f63b1ac606276321c385bf0baacb2f0936469aeaf85ed0188b3b4903ab52db7a9dfd227693ac98bc0f3f057f5345902
SSDEEP: 12288:7MrFy904RDNle6a6wmC8MHpgdr8Vi5mqpcgdlf/P+Yi2cdv2iNfxL1wHg3R:uydTzabmC80ad+Mtpcgd1n5ibdz1x2AB
Static task: static1
Behavioral task: behavioral1
Sample: f0e01291507ed1aabbed81fa5a41fcf61afcc96d4ae7d29e12586a4a692ae4fe.exe
Resource: win10-20230831-en
Malware Config
Extracted
Family: redline
Botnet: virad
C2: 77.91.124.82:19071
auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets
Target: f0e01291507ed1aabbed81fa5a41fcf61afcc96d4ae7d29e12586a4a692ae4fe
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process: 1
  - Windows Service: 1
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1