General
-
Target
aa1cf9e20212c91b27c87de4c4962f8f6768c30350e75caed310c09e530d5e04
-
Size
1.2MB
-
Sample
231013-fkzwkseg21
-
MD5
89ff258b7a3e752b0d2a6db304ed38f7
-
SHA1
e1a42ddce664a7ea68d9c36c80e347e1a0bebe20
-
SHA256
aa1cf9e20212c91b27c87de4c4962f8f6768c30350e75caed310c09e530d5e04
-
SHA512
cc37f7a868b5858c1698857556992e38b1f93f2c3809e09cb99ff47a385c0c60ec0010e8632d43b60221e8349c5e6d6ce0eca532b7adb4cd02f82367b92b8f34
-
SSDEEP
24576:2BuqRr0CQheNIRavIUDGgDzvUIWjD8oQKRiak71czrFNypgUbsi64ZTeG:SuqR1QheNIo7DznWjwolPmWQyUwG
Static task
static1
Behavioral task
behavioral1
Sample
aa1cf9e20212c91b27c87de4c4962f8f6768c30350e75caed310c09e530d5e04.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
aa1cf9e20212c91b27c87de4c4962f8f6768c30350e75caed310c09e530d5e04.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
petin
77.91.124.82:19071
-
auth_value
f6cf7a48c0291d1ef5a3440429827d6d
Targets
-
-
Target
aa1cf9e20212c91b27c87de4c4962f8f6768c30350e75caed310c09e530d5e04
-
Size
1.2MB
-
MD5
89ff258b7a3e752b0d2a6db304ed38f7
-
SHA1
e1a42ddce664a7ea68d9c36c80e347e1a0bebe20
-
SHA256
aa1cf9e20212c91b27c87de4c4962f8f6768c30350e75caed310c09e530d5e04
-
SHA512
cc37f7a868b5858c1698857556992e38b1f93f2c3809e09cb99ff47a385c0c60ec0010e8632d43b60221e8349c5e6d6ce0eca532b7adb4cd02f82367b92b8f34
-
SSDEEP
24576:2BuqRr0CQheNIRavIUDGgDzvUIWjD8oQKRiak71czrFNypgUbsi64ZTeG:SuqR1QheNIo7DznWjwolPmWQyUwG
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1