General
Target: c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5
Size: 725KB
Sample: 230912-qxjegada4v
MD5: bbe95b8a735c12810fac3e5947ec3e6d
SHA1: 8974c04c5aee686183882b9f4927ad5b75408f2e
SHA256: dad68f81c9db740e51642022ef164159b3fb0ee16433ba55a8ad2e9b8a6bfd49
SHA512: e6be6a5410f3e41b3c3e9c5f0dff6de36a87301e6a8717e9d686dfb1638cfa205bf8d6135e8c2c25cd15a67fbbe3516f8b0c6e13915125b4c13eb61a074a037a
SSDEEP: 12288:bxC4sHy90QsofS4MtSNEYe8pQ1uZ1jXfIVpR7pjvawfqct0RlxXgr9NKNdXb/PLW:bNsHyBS4eSF8uZhgV5SUqctG5SalbLW
Static task: static1
Behavioral task: behavioral1
Sample: c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5.exe
Resource: win10v2004-20230831-en
Malware Config
Extracted: redline
lada
77.91.124.82:19071
auth_value: 252f78fed0684205b098417688fa33e2
Targets
Target: c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5
Size: 769KB
MD5: baac7bc6698e5bee7dbc5d0cfb419149
SHA1: 0048b2f882271bec2a2f51b00969e3d13dfb79f8
SHA256: c9845cf733be563b278dc2761904ab27efb014d703cdfe9c6a78cfa184cdbce5
SHA512: a5ffaea9abcf9c37627d47af6ed1b1c393d0cddb3b83be89dc6ddca68bbdf91a4d2696982a36a48b4a6d7d7e4afdfaa6b1f576c80ad42ef91bf4993d566931a9
SSDEEP: 12288:hMrdy908L4Mvc62NQ1uZ1joZoIvpR1pTvZFE+fqct0Rn5X6r9v+N3SdDaNGJ:kyN4CciuZhoZrvrBy2qctcRM0CdoGJ
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1): Windows Service (1)