General
-
Target
0f21e7bfc9762ec0cfb0be399be501df33a8cbe7f5fb881b46c20415d067ce8b
-
Size
1.2MB
-
Sample
231013-fh1ebsef3x
-
MD5
965e78dd3783e7f0a9a48edf9e58da8b
-
SHA1
44246aa19b1ad652f14655a935b0c37a3d981b46
-
SHA256
0f21e7bfc9762ec0cfb0be399be501df33a8cbe7f5fb881b46c20415d067ce8b
-
SHA512
44f38a28ec4eb02624ca2341eb585180f1672c219383289457a4071d4b45ed7c1fd61178df6a3e45e2d712310e031cf563c9c49b54104feb4a7da5c3dc2f24b5
-
SSDEEP
24576:0pWiJkCt0q4GgbPc0Nk3J1QkpoC0GLMtBxUojccMEZw27G:MWiJ50q96Pcl3IkOpGIpUogU7G
Static task
static1
Behavioral task
behavioral1
Sample
0f21e7bfc9762ec0cfb0be399be501df33a8cbe7f5fb881b46c20415d067ce8b.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
0f21e7bfc9762ec0cfb0be399be501df33a8cbe7f5fb881b46c20415d067ce8b.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
petin
77.91.124.82:19071
-
auth_value
f6cf7a48c0291d1ef5a3440429827d6d
Targets
-
-
Target
0f21e7bfc9762ec0cfb0be399be501df33a8cbe7f5fb881b46c20415d067ce8b
-
Size
1.2MB
-
MD5
965e78dd3783e7f0a9a48edf9e58da8b
-
SHA1
44246aa19b1ad652f14655a935b0c37a3d981b46
-
SHA256
0f21e7bfc9762ec0cfb0be399be501df33a8cbe7f5fb881b46c20415d067ce8b
-
SHA512
44f38a28ec4eb02624ca2341eb585180f1672c219383289457a4071d4b45ed7c1fd61178df6a3e45e2d712310e031cf563c9c49b54104feb4a7da5c3dc2f24b5
-
SSDEEP
24576:0pWiJkCt0q4GgbPc0Nk3J1QkpoC0GLMtBxUojccMEZw27G:MWiJ50q96Pcl3IkOpGIpUogU7G
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1