General
- Target: x1368633.exe
- Size: 487KB
- Sample: 230919-hnvr5sfd7y
- MD5: 66fc7c0264275bd0d212270b875c36e7
- SHA1: 9b46dc1c23a4347f203aad5d138c5948918c7b22
- SHA256: 67984aa804e237aeb7bd79a1441ad49a6e5fc935bf44f324e23b97da314a7331
- SHA512: ee46610b5fb07a4e16d152e9631def521192ef09c14d420091c57865a503f7707bff1aa591e410f61aae9d86dd6b9b02612511b80ffc3ddabbeee7ef6a6d64cf
- SSDEEP: 12288:YMr1y90xn7aNs00TlBbibI7Jb8Fxvi2AJ/lcoh:9ym7acTD+bY8F1i285h
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: x1368633.exe; Resource: win7-20230831-en)
- Behavioral task: behavioral2 (Sample: x1368633.exe; Resource: win10-20230915-en)
Malware Config
- Extracted: redline
- black
- 77.91.124.82:19071
- auth_value: c5887216cebc5a219113738140bc3047
Targets
- Target: x1368633.exe
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)