General
- Target: 6ac6319aa00212eccc0dd941c1f59a2e2361ca34faa512d672864701ce336f2e
- Size: 1.2MB
- Sample: 231013-ffhfqsee3y
- MD5: feb2be8a2d1624aa6e72b4ff5b499498
- SHA1: 26e421f3dba75f49a8ac1390e189afd8407fa541
- SHA256: 6ac6319aa00212eccc0dd941c1f59a2e2361ca34faa512d672864701ce336f2e
- SHA512: 5b5971095830f9c1bd887c256592fa11f9f3d8d944dfdd46fc2160018d2e4d115b16cfa152963a24e3e5ebc13685dfe6a4f0f4e6291772ad061b1afd968bdeea
- SSDEEP: 24576:f74cr2NZUhgFSF68jG8/I8W5tcj5+/jNY2vYBcTvkyJNeGG:T4cr2AhCS4O/U52N+/kBAkueGG
Static task
- static1

Behavioral task
- behavioral1
- Sample: 6ac6319aa00212eccc0dd941c1f59a2e2361ca34faa512d672864701ce336f2e.exe
- Resource: win7-20230831-en

Behavioral task
- behavioral2
- Sample: 6ac6319aa00212eccc0dd941c1f59a2e2361ca34faa512d672864701ce336f2e.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted
- Family: redline
- Botnet: petin
- C2: 77.91.124.82:19071
- auth_value: f6cf7a48c0291d1ef5a3440429827d6d
Targets
- Target: 6ac6319aa00212eccc0dd941c1f59a2e2361ca34faa512d672864701ce336f2e
- Size: 1.2MB
- MD5: feb2be8a2d1624aa6e72b4ff5b499498
- SHA1: 26e421f3dba75f49a8ac1390e189afd8407fa541
- SHA256: 6ac6319aa00212eccc0dd941c1f59a2e2361ca34faa512d672864701ce336f2e
- SHA512: 5b5971095830f9c1bd887c256592fa11f9f3d8d944dfdd46fc2160018d2e4d115b16cfa152963a24e3e5ebc13685dfe6a4f0f4e6291772ad061b1afd968bdeea
- SSDEEP: 24576:f74cr2NZUhgFSF68jG8/I8W5tcj5+/jNY2vYBcTvkyJNeGG:T4cr2AhCS4O/U52N+/kBAkueGG

Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)