General
-
Target
x3716465.exe
-
Size
320KB
-
Sample
230919-hngkhsfd6v
-
MD5
bd8aac74df67f6fde61f5f9a924ed6d4
-
SHA1
836e6a69bbef277e18383abe776abc058b9c5341
-
SHA256
4e82ae18daf05be90f7731212b8b696a52e48d1a771d434e99c7705bf6e5486b
-
SHA512
da1c41e43d9ef43eb78b39cd7a1aa1d443181d189385065e8380c188d981436cac43cc33d3d72c251739ce2719472c4bb5706d44adda540e2b50213c2722c727
-
SSDEEP
6144:K7y+bnr+mp0yN90QEAGp7GKQ1zpOOGAgkZSLx/6oAKpL2Ajdg:BMr6y90zJNeQVdp2OS
Static task
static1
Behavioral task
behavioral1
Sample
x3716465.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
x3716465.exe
Resource
win10-20230915-en
Malware Config
Extracted
redline
vasha
77.91.124.82:19071
-
auth_value
42fc61786274daca54d589b85a2c1954
Targets
-
-
Target
x3716465.exe
-
Size
320KB
-
MD5
bd8aac74df67f6fde61f5f9a924ed6d4
-
SHA1
836e6a69bbef277e18383abe776abc058b9c5341
-
SHA256
4e82ae18daf05be90f7731212b8b696a52e48d1a771d434e99c7705bf6e5486b
-
SHA512
da1c41e43d9ef43eb78b39cd7a1aa1d443181d189385065e8380c188d981436cac43cc33d3d72c251739ce2719472c4bb5706d44adda540e2b50213c2722c727
-
SSDEEP
6144:K7y+bnr+mp0yN90QEAGp7GKQ1zpOOGAgkZSLx/6oAKpL2Ajdg:BMr6y90zJNeQVdp2OS
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1