General
-
Target
cea8ba12efb9163cafed4c4f23722595b2eb12fbe282d30ee23a3cbfd2182d40
-
Size
1.2MB
-
Sample
231013-flratseg6z
-
MD5
c62b28815ceb04d49aed8083cb219b34
-
SHA1
55672034b7f9642c843df99a3956438c11b38a02
-
SHA256
cea8ba12efb9163cafed4c4f23722595b2eb12fbe282d30ee23a3cbfd2182d40
-
SHA512
64d134376d359d25c571100b6afbd9b1526e43656a9003f7d250116a151c16bc77fff4934645ec7422d6344db093a68ceee2176094e2de5bf707e7a9fef96b56
-
SSDEEP
24576:Z9q+VDNJsRSO2cnMEHHryl8YZCID8Nf+owSRqmyfDmZDKG:jq+VHISO2cNnN8D85K8qPPG
Static task
static1
Behavioral task
behavioral1
Sample
cea8ba12efb9163cafed4c4f23722595b2eb12fbe282d30ee23a3cbfd2182d40.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
cea8ba12efb9163cafed4c4f23722595b2eb12fbe282d30ee23a3cbfd2182d40.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
petin
77.91.124.82:19071
-
auth_value
f6cf7a48c0291d1ef5a3440429827d6d
Targets
-
-
Target
cea8ba12efb9163cafed4c4f23722595b2eb12fbe282d30ee23a3cbfd2182d40
-
Size
1.2MB
-
MD5
c62b28815ceb04d49aed8083cb219b34
-
SHA1
55672034b7f9642c843df99a3956438c11b38a02
-
SHA256
cea8ba12efb9163cafed4c4f23722595b2eb12fbe282d30ee23a3cbfd2182d40
-
SHA512
64d134376d359d25c571100b6afbd9b1526e43656a9003f7d250116a151c16bc77fff4934645ec7422d6344db093a68ceee2176094e2de5bf707e7a9fef96b56
-
SSDEEP
24576:Z9q+VDNJsRSO2cnMEHHryl8YZCID8Nf+owSRqmyfDmZDKG:jq+VHISO2cNnN8D85K8qPPG
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1