General
Target: 24ff3b8c11844eef227e0aa6dd388a0d024794003e1c1e19756e9e9aa1e85726
Size: 1.0MB
Sample: 231003-lmhmzabe77
MD5: eda6d8bf3abf6a768f224b75fedf69d0
SHA1: 3a629b41666653a7882cd1da02943efc9ad320ac
SHA256: 24ff3b8c11844eef227e0aa6dd388a0d024794003e1c1e19756e9e9aa1e85726
SHA512: b8d8b5f3d4e4ac69cf14f18c75160f2be12ed1f7dc1113bb2ff15e35ff2f5769d47ad442bd0c53127d403257a77a8d8a2dba3df0ff965f53779369e59d6f963b
SSDEEP: 12288:NMrqy90OCgpk/SjiDHBoVBDzWfqccog+Tnn/3IDE0/C+eBvEERDOMI6EoX64CcMJ:by2CF8RSYnfwLuPdISRCch1/Q7ZOVrs
Static task: static1
Behavioral task: behavioral1
Sample: 24ff3b8c11844eef227e0aa6dd388a0d024794003e1c1e19756e9e9aa1e85726.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
jordan
77.91.124.55:19071
Extracted: amadey
3.89
http://77.91.124.1/theme/index.php
http://77.91.68.78/help/index.php
install_dir: fefffe8cea
install_file: explothe.exe
strings_key: 36a96139c1118a354edf72b1080d4b2f
Targets
Target: 24ff3b8c11844eef227e0aa6dd388a0d024794003e1c1e19756e9e9aa1e85726
Size: 1.0MB
MD5: eda6d8bf3abf6a768f224b75fedf69d0
SHA1: 3a629b41666653a7882cd1da02943efc9ad320ac
SHA256: 24ff3b8c11844eef227e0aa6dd388a0d024794003e1c1e19756e9e9aa1e85726
SHA512: b8d8b5f3d4e4ac69cf14f18c75160f2be12ed1f7dc1113bb2ff15e35ff2f5769d47ad442bd0c53127d403257a77a8d8a2dba3df0ff965f53779369e59d6f963b
SSDEEP: 12288:NMrqy90OCgpk/SjiDHBoVBDzWfqccog+Tnn/3IDE0/C+eBvEERDOMI6EoX64CcMJ:by2CF8RSYnfwLuPdISRCch1/Q7ZOVrs
- Detects Healer, an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Scheduled Task/Job: 1