General

Target: 59db6efd5bc1e788391d3670570f5ca4854d78aa3ccc30ab3ee57c7ce5acec86
Size: 1.2MB
Sample: 231013-fjxd3aef7w
MD5: 45c8f18e88a2562f6cafa96c6c3fa528
SHA1: 08a13c4c944173b0e775b0cca25096ab1f227340
SHA256: 59db6efd5bc1e788391d3670570f5ca4854d78aa3ccc30ab3ee57c7ce5acec86
SHA512: d13dea7c3bd4f6e8af262a1533956a03db087a519f71ee5ca067798225ed7d789c683571a80b0a28671d9136b38b31627c4cbd82d6913c8dfaf5bd6e0781c222
SSDEEP: 24576:O74crI0H8AMXzjhfr76JK9bbcQhUUhdGCaGxYoirN0GAu7GcsUY2Uk/qvhcLuuAy:k4crI0H8AMXHhfX6J6oLCaDrGG32UtU2

Static task: static1

Behavioral task: behavioral1
  Sample: 59db6efd5bc1e788391d3670570f5ca4854d78aa3ccc30ab3ee57c7ce5acec86.exe
  Resource: win7-20230831-en

Behavioral task: behavioral2
  Sample: 59db6efd5bc1e788391d3670570f5ca4854d78aa3ccc30ab3ee57c7ce5acec86.exe
  Resource: win10v2004-20230915-en

Malware Config

Extracted
Family: redline
Botnet: petin
C2: 77.91.124.82:19071
auth_value: f6cf7a48c0291d1ef5a3440429827d6d

Targets

Target: 59db6efd5bc1e788391d3670570f5ca4854d78aa3ccc30ab3ee57c7ce5acec86
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)