General
- Target: c2332b998433c87e4ba0bae33c88fa3c821ce6e7fc44764931b9bc7960bde217
- Size: 1.2MB
- Sample: 231013-fkrvzaeg2v
- MD5: 6c666132c70b467609497fbf98de87a6
- SHA1: da2f3b92771f0ad97c0315805ac3dbebe88c69a1
- SHA256: c2332b998433c87e4ba0bae33c88fa3c821ce6e7fc44764931b9bc7960bde217
- SHA512: 2ef86b7e772bf9861af227d9a5e08435a3ec182455af848c7c6e28986c2e228c2cffffcbc87903d74d248b2f6f0f176ccc1bc9f7a9b32a3e6b6c75c351cfd033
- SSDEEP: 24576:pBuqRoWp65cb9YpIdLYk/9MvkpuY5+8VqJLO1mRmhkhH6wG:vuqRKw9vLTq8gYA8hc/G
Static task
- static1
Behavioral task
- behavioral1
  - Sample: c2332b998433c87e4ba0bae33c88fa3c821ce6e7fc44764931b9bc7960bde217.exe
  - Resource: win7-20230831-en
Behavioral task
- behavioral2
  - Sample: c2332b998433c87e4ba0bae33c88fa3c821ce6e7fc44764931b9bc7960bde217.exe
  - Resource: win10v2004-20230915-en
Malware Config
Extracted
- redline
- petin
- 77.91.124.82:19071
- auth_value: f6cf7a48c0291d1ef5a3440429827d6d
Targets
- Target: c2332b998433c87e4ba0bae33c88fa3c821ce6e7fc44764931b9bc7960bde217
- Size: 1.2MB
- MD5: 6c666132c70b467609497fbf98de87a6
- SHA1: da2f3b92771f0ad97c0315805ac3dbebe88c69a1
- SHA256: c2332b998433c87e4ba0bae33c88fa3c821ce6e7fc44764931b9bc7960bde217
- SHA512: 2ef86b7e772bf9861af227d9a5e08435a3ec182455af848c7c6e28986c2e228c2cffffcbc87903d74d248b2f6f0f176ccc1bc9f7a9b32a3e6b6c75c351cfd033
- SSDEEP: 24576:pBuqRoWp65cb9YpIdLYk/9MvkpuY5+8VqJLO1mRmhkhH6wG:vuqRKw9vLTq8gYA8hc/G
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)