General
- Target: f476dc83a149b25ee84ef36e8065f67be2d1a0de0b94d89065b53a47e5d5fd52
- Size: 1.0MB
- Sample: 231003-mxtcwsaa5v
- MD5: e98630dcc665daaa37335c018f1e435f
- SHA1: 54d9b1eefa56ff6e9a63ed4a56ec9866683eb935
- SHA256: f476dc83a149b25ee84ef36e8065f67be2d1a0de0b94d89065b53a47e5d5fd52
- SHA512: 9602b9965f62bf3e07aaaf238deff864509a39d40b471ab5a01039a25b53b1666ed4e6d37e96b0edf4ccf744b7024d20ed6891af0ef8b9ef2d4ad7761660c746
- SSDEEP: 24576:ByE3Vc/UZiWmjmm2A0LZG8dF3Wq2nzcbzK0vaLL3oHwL:0El7mjSA4GGSzc3KbUHw
Static task: static1
Behavioral task: behavioral1
Sample: f476dc83a149b25ee84ef36e8065f67be2d1a0de0b94d89065b53a47e5d5fd52.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
jordan
77.91.124.55:19071
Extracted: amadey 3.89
http://77.91.124.1/theme/index.php
http://77.91.68.78/help/index.php
- install_dir: fefffe8cea
- install_file: explothe.exe
- strings_key: 36a96139c1118a354edf72b1080d4b2f
Targets
- Target: f476dc83a149b25ee84ef36e8065f67be2d1a0de0b94d89065b53a47e5d5fd52
- Size: 1.0MB
- MD5: e98630dcc665daaa37335c018f1e435f
- SHA1: 54d9b1eefa56ff6e9a63ed4a56ec9866683eb935
- SHA256: f476dc83a149b25ee84ef36e8065f67be2d1a0de0b94d89065b53a47e5d5fd52
- SHA512: 9602b9965f62bf3e07aaaf238deff864509a39d40b471ab5a01039a25b53b1666ed4e6d37e96b0edf4ccf744b7024d20ed6891af0ef8b9ef2d4ad7761660c746
- SSDEEP: 24576:ByE3Vc/UZiWmjmm2A0LZG8dF3Wq2nzcbzK0vaLL3oHwL:0El7mjSA4GGSzc3KbUHw
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
- Windows Service: 1
- Scheduled Task/Job: 1