General
Target: d38551fe889202c6c7b67008daaa2c8d684104e1ebedcfce2003be7d31b1034b
Size: 723KB
Sample: 230912-q8cq3afg53
MD5: 38945825dd7a1c4709863a2b533cef16
SHA1: 94a8f7710d9d195444dc025ba68eb3cd11c0521c
SHA256: 41b72d6062975c186656bc87f21d4d20d610c283df8148d887fb94c687864a2f
SHA512: 92e0b2d5d6f15f12a652f210c92e527533c7325569e6e37f16071b28315699a328d11fd4c9a8e17ec4055325024874492d9eaeee8f5201fc479cc3ae648b90ea
SSDEEP: 12288:R46Qy90Ex3wzFug+r6CoFPjh06ia85r+z37z0v3AqVH8uMn003ZVdK6PLZ:ayBgzpqtUPjh0638a3fSQqlSfjTZ
Static task: static1
Behavioral task: behavioral1
  Sample: d38551fe889202c6c7b67008daaa2c8d684104e1ebedcfce2003be7d31b1034b.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: d38551fe889202c6c7b67008daaa2c8d684104e1ebedcfce2003be7d31b1034b.exe
  Resource: win10v2004-20230831-en
Malware Config
Extracted
Family: redline
Botnet: virad
C2: 77.91.124.82:19071
auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets
Target: d38551fe889202c6c7b67008daaa2c8d684104e1ebedcfce2003be7d31b1034b
Size: 767KB
MD5: 87d2a3a38d3aec0a0ed2430271d0ab2e
SHA1: affc34187e24801769bef3405de97d9ca1d93e11
SHA256: d38551fe889202c6c7b67008daaa2c8d684104e1ebedcfce2003be7d31b1034b
SHA512: 7f2abb2ed672eb266c152a275970b8aa8d167a4f6ee42f6c8efc94b1c5a63375aaf3c85c99c410f60012e7ec94837b275000036ffa4e6ae3724df53b47ebc66d
SSDEEP: 12288:1MrZy90rSwzJug+rN1em3Hjh04qg85rCzx1zSv3ACVB88MnS037VP/O3yszF:oyK1ztqN7Hjh04D8axdQQCna7PAn
- Detects Healer, an antivirus-disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
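As an added example (not part of this report or of any sandbox vendor's code), the Python below turns the indicators the report publishes into a small matcher: the extracted RedLine C2 endpoint, the two SHA256 values, and the "Adds Run key" persistence signature, mapped to the Run Keys / Startup Folder technique (T1547.001) listed in the matrix. The sandbox-style event records, their field names, and the inclusion of RunOnce alongside Run are assumptions made for illustration only.

```python
"""IOC matcher built from the indicators in this report.

Added example: the event records below are constructed for illustration and
are not taken from the report; only the C2 endpoint and SHA256 values are.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional

# Indicators copied from the report above.
C2_ENDPOINT = "77.91.124.82:19071"
SHA256_IOCS = {
    "d38551fe889202c6c7b67008daaa2c8d684104e1ebedcfce2003be7d31b1034b",  # Targets entry
    "41b72d6062975c186656bc87f21d4d20d610c283df8148d887fb94c687864a2f",  # General entry
}
# Autostart key paths with the hive prefix stripped. RunOnce is an assumed
# generalisation of the report's "Adds Run key" signature, not reported here.
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)


def parse_endpoint(endpoint: str) -> tuple:
    """Split the 'host:port' form the report uses into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"bad endpoint: {endpoint!r}")
    return host, int(port)


@dataclass(frozen=True)
class Hit:
    event_id: int
    indicator: str   # which report indicator fired
    attack: str      # ATT&CK technique ID where the report's matrix maps one, else ""


def check_event(ev: dict) -> Optional[Hit]:
    """Return a Hit when one sandbox-style event matches a report indicator."""
    kind = ev["kind"]
    if kind == "file_write":
        # Accept either a digest reported by the sandbox or raw bytes to hash here.
        digest = ev.get("sha256") or hashlib.sha256(ev["data"]).hexdigest()
        if digest.lower() in SHA256_IOCS:
            return Hit(ev["id"], f"sha256:{digest.lower()[:12]}", "")
    elif kind == "connect":
        host, port = parse_endpoint(C2_ENDPOINT)
        # Host and port must both match; the report gives a single endpoint.
        if ev["dst"] == host and int(ev["port"]) == port:
            return Hit(ev["id"], f"c2:{C2_ENDPOINT}", "")
    elif kind == "reg_set":
        # Case-insensitive and hive-agnostic: HKCU and HKLM Run keys both count.
        if ev["key"].lower().endswith(RUN_KEY_SUFFIXES):
            return Hit(ev["id"], f"run-key:{ev['key']}\\{ev['value']}", "T1547.001")
    return None


def scan(events: list) -> list:
    """Run every event through check_event and keep the hits, in event order."""
    return [h for h in (check_event(e) for e in events) if h is not None]


# Constructed event stream (not from the report) mimicking sandbox output.
SAMPLE_EVENTS = [
    {"id": 1, "kind": "file_write", "path": r"C:\Users\user\AppData\Local\Temp\a.exe",
     "sha256": "41B72D6062975C186656BC87F21D4D20D610C283DF8148D887FB94C687864A2F"},
    {"id": 2, "kind": "file_write", "path": r"C:\Windows\Temp\benign.dll",
     "data": b"MZ\x90\x00constructed benign bytes"},
    {"id": 3, "kind": "connect", "dst": "77.91.124.82", "port": "19071"},
    {"id": 4, "kind": "connect", "dst": "77.91.124.82", "port": "443"},
    {"id": 5, "kind": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "updater"},
    {"id": 6, "kind": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "value": "x"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The network hit carries no ATT&CK ID because the report's matrix only maps the persistence behaviour; event 4 is deliberately left unmatched because a bare IP match without the port would also flag unrelated traffic to the same host.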