General
Target: b03c9166346452546c30fe5b5990d2877dffc2995373d191ce65ac48f077b1cf
Size: 1.3MB
Sample: 231012-wfyqqafb6s
MD5: fc415ab92de0ba6c15c0bdfe85990cbf
SHA1: 18f8e1748f5c17da4918f3896644e9a0a0d8d94a
SHA256: b03c9166346452546c30fe5b5990d2877dffc2995373d191ce65ac48f077b1cf
SHA512: d3d8685ea12ef78a54b85d2db64349d534cb37933f52f4f174878f5cac90251e37d7a39cd0fa2364b3c0a03860ed9bad4e5f47e3c05f64a7baad4b1b7f31d20c
SSDEEP: 24576:N09ldqKOXb7+j/A6pELQG36xFqJpmHAfcBHFMrWKxtsJ4ULRQSq2D+GQ:N09DfhA6pEU6zB0TMr04UNQSq2D+GQ
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: b03c9166346452546c30fe5b5990d2877dffc2995373d191ce65ac48f077b1cf.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: b03c9166346452546c30fe5b5990d2877dffc2995373d191ce65ac48f077b1cf.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
  black
  77.91.124.82:19071
  auth_value: c5887216cebc5a219113738140bc3047
Targets
Target: b03c9166346452546c30fe5b5990d2877dffc2995373d191ce65ac48f077b1cf
Size: 1.3MB
MD5: fc415ab92de0ba6c15c0bdfe85990cbf
SHA1: 18f8e1748f5c17da4918f3896644e9a0a0d8d94a
SHA256: b03c9166346452546c30fe5b5990d2877dffc2995373d191ce65ac48f077b1cf
SHA512: d3d8685ea12ef78a54b85d2db64349d534cb37933f52f4f174878f5cac90251e37d7a39cd0fa2364b3c0a03860ed9bad4e5f47e3c05f64a7baad4b1b7f31d20c
SSDEEP: 24576:N09ldqKOXb7+j/A6pELQG36xFqJpmHAfcBHFMrWKxtsJ4ULRQSq2D+GQ:N09DfhA6pEU6zB0TMr04UNQSq2D+GQ

Signatures
Detects Healer, an antivirus disabler dropper
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1): Windows Service (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)