General

Target: 6f5621553156f0e8223a277698d77342feaa4f53641d74451254f0827691d938
Size: 1.0MB
Sample: 231003-lsajjsbe85
MD5: cbb65810eeb722fda9c383c272ac2d0f
SHA1: 22e7010782386159f30f5f4448badbe14b777c7d
SHA256: 6f5621553156f0e8223a277698d77342feaa4f53641d74451254f0827691d938
SHA512: a095a13e1d4cfc5554098d1c7c3b376d67cf1d118e1ab16fb2511f5b535f8e1ee8829c7fd13b7c6268643ea35f01d03e44d4b4f8fc20f4543b6018efe6875331
SSDEEP: 12288:cMr2y90iNt32fSLHWHhaedAk2bj5mSSU5JqHTm6wYXhrl+AzCiDZ3FEWHfKx333P:iyz3fkZq3+UCrwYXhrlFTDFZEXn2ZhY
Static task: static1
Behavioral task: behavioral1
Sample: 6f5621553156f0e8223a277698d77342feaa4f53641d74451254f0827691d938.exe
Resource: win10v2004-20230915-en
Malware Config

Extracted: redline
Botnet: jordan
C2: 77.91.124.55:19071

Extracted: amadey
Version: 3.89
C2: http://77.91.124.1/theme/index.php
C2: http://77.91.68.78/help/index.php
install_dir: fefffe8cea
install_file: explothe.exe
strings_key: 36a96139c1118a354edf72b1080d4b2f
Targets

Target: 6f5621553156f0e8223a277698d77342feaa4f53641d74451254f0827691d938
Size: 1.0MB
MD5: cbb65810eeb722fda9c383c272ac2d0f
SHA1: 22e7010782386159f30f5f4448badbe14b777c7d
SHA256: 6f5621553156f0e8223a277698d77342feaa4f53641d74451254f0827691d938
SHA512: a095a13e1d4cfc5554098d1c7c3b376d67cf1d118e1ab16fb2511f5b535f8e1ee8829c7fd13b7c6268643ea35f01d03e44d4b4f8fc20f4543b6018efe6875331
SSDEEP: 12288:cMr2y90iNt32fSLHWHhaedAk2bj5mSSU5JqHTm6wYXhrl+AzCiDZ3FEWHfKx333P:iyz3fkZq3+UCrwYXhrlFTDFZEXn2ZhY
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
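Added example, not part of the sandbox report: a small IOC matcher that turns the extracted configs above (RedLine C2 77.91.124.55:19071, the two Amadey C2 URLs, install_dir fefffe8cea, install_file explothe.exe) and the "Adds Run key" signature into checks over Sysmon-style key=value records. The log records, the user profile path and the dropper file name invoice.exe are constructed for the example; the hashes and network indicators are the report's.

```python
"""IOC matcher for the RedLine / Amadey sample in this report.

Added example, not part of the sandbox report. Indicators are copied from the
extracted configs and signatures above; the log records below are constructed.
"""
from __future__ import annotations

import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators from the report.
SAMPLE_SHA256 = "6f5621553156f0e8223a277698d77342feaa4f53641d74451254f0827691d938"
REDLINE_C2 = ("77.91.124.55", "19071")
AMADEY_C2_URLS = frozenset({
    "http://77.91.124.1/theme/index.php",
    "http://77.91.68.78/help/index.php",
})
AMADEY_C2_HOSTS = frozenset(urlsplit(u).hostname for u in AMADEY_C2_URLS)
AMADEY_INSTALL_PATH = "\\fefffe8cea\\explothe.exe"   # <install_dir>\<install_file>
RUN_KEY_FRAGMENT = "\\currentversion\\run\\"          # "Adds Run key" signature

# Records are Sysmon-style "Key=Value" tokens (assumption: values contain no spaces).
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> dict[str, str]:
    """Split one record into a field dict."""
    return dict(KV_RE.findall(line))


def match_record(rec: dict[str, str]) -> set[str]:
    """Return the indicator labels that fire on one parsed record."""
    hits: set[str] = set()
    lower = {k.lower(): v.lower() for k, v in rec.items()}

    # Sample hash inside a process-creation Hashes field.
    if SAMPLE_SHA256 in lower.get("hashes", ""):
        hits.add("sample-sha256")

    # RedLine C2 is an IP:port pair; require both fields, not just the IP.
    if (rec.get("DestinationIp"), rec.get("DestinationPort")) == REDLINE_C2:
        hits.add("redline-c2")

    # Amadey C2: exact URL from a proxy record is high confidence; a bare
    # host match (URL host or connection IP) is weaker and labelled separately.
    url = rec.get("Url")
    if url in AMADEY_C2_URLS:
        hits.add("amadey-c2-url")
    elif (url and urlsplit(url).hostname in AMADEY_C2_HOSTS) \
            or rec.get("DestinationIp") in AMADEY_C2_HOSTS:
        hits.add("amadey-c2-host")

    # Dropped payload path (install_dir\install_file) in any field.
    if any(AMADEY_INSTALL_PATH in v for v in lower.values()):
        hits.add("amadey-install-path")

    # Run-key persistence whose value points at the dropped file.
    if RUN_KEY_FRAGMENT in lower.get("targetobject", "") \
            and lower.get("details", "").endswith("explothe.exe"):
        hits.add("run-key-persistence")
    return hits


def scan(lines: list[str]) -> dict[str, list[int]]:
    """Map each indicator label to the 1-based record numbers it fired on."""
    found: dict[str, list[int]] = defaultdict(list)
    for n, line in enumerate(lines, 1):
        for label in sorted(match_record(parse(line))):
            found[label].append(n)
    return dict(found)


# Constructed records (not from the report): one infection chain plus benign noise.
SAMPLE_LOG = [
    "EID=1 Image=C:\\Users\\bob\\Downloads\\invoice.exe Hashes=SHA256=" + SAMPLE_SHA256 + ",MD5=cbb65810eeb722fda9c383c272ac2d0f",
    "EID=1 Image=C:\\Users\\bob\\AppData\\Local\\Temp\\fefffe8cea\\explothe.exe ParentImage=C:\\Users\\bob\\Downloads\\invoice.exe",
    "EID=13 TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\explothe.exe Details=C:\\Users\\bob\\AppData\\Local\\Temp\\fefffe8cea\\explothe.exe",
    "EID=3 Image=C:\\Users\\bob\\Downloads\\invoice.exe DestinationIp=77.91.124.55 DestinationPort=19071",
    "EID=3 Image=C:\\Windows\\System32\\svchost.exe DestinationIp=20.190.160.14 DestinationPort=443",
    "Url=http://77.91.124.1/theme/index.php Method=POST Status=200",
]

if __name__ == "__main__":
    for label, nums in scan(SAMPLE_LOG).items():
        print(f"{label:22} records {nums}")
```

The RedLine match deliberately requires the port as well as the IP, and the Amadey host-only match gets its own lower-confidence label, because 77.91.x.x hosts in the config are shared infrastructure and an IP alone is a weak pivot; the hash and install-path checks are what tie a hit to this specific sample.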
-
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1