General
- Target: x7688341.exe
- Size: 321KB
- Sample: 230919-hnwdnshe28
- MD5: 6f9fab527e0ccdc98d58ac716181b3c6
- SHA1: 851541e69cd89d0ebba22b0a2fdd63f40e6d723b
- SHA256: 93b183e0975c989bfbe8b579ce5d6e41ea957f4568a83e3ed264b4fc94f2f60b
- SHA512: eb084cfb876b129a21a40eef6b3aec4ab7ea6bff8f960f8bf205aa1889c5be8ba9b34e301046c94b16e01a0542408be2114229dea1a316ef7f2d5a74ab5acce7
- SSDEEP: 6144:K1y+bnr+gp0yN90QEDkYflZhNry2xFCC1YamoCKJUU+EAwWoR6d028bC:TMrwy90eYfvrN0CIeJ7+FxvW2AC
Static task: static1
Behavioral task: behavioral1
- Sample: x7688341.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: x7688341.exe
- Resource: win10-20230915-en
Malware Config
Extracted:
- redline
- black
- 77.91.124.82:19071
- auth_value: c5887216cebc5a219113738140bc3047
Targets
- Target: x7688341.exe
- Detects Healer, an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)