General
-
Target
bdd0c0769a20ac72ca52ebc4800706d55c5420e91c7150c2ed03c9093f2d7aaa
-
Size
930KB
-
Sample
231014-b6zqgsae4v
-
MD5
3460167c1d4aa82be63e7d58086d4dc3
-
SHA1
698a2c76dca22b0434f435fa686b8e16d3c09e07
-
SHA256
bdd0c0769a20ac72ca52ebc4800706d55c5420e91c7150c2ed03c9093f2d7aaa
-
SHA512
79ab6533342e459d8d2c9602938541fdd9388dfa0fdd74c3d7ce2ac429a3a30da1b9cfc185312614e176ea8ec70540f729b92e651dce570baf0808f3f22441ac
-
SSDEEP
12288:d6//yfYb5BIQZVte2f8sD5ARNRDDyBPd0mWuh1eueMbQkXwSUqf7ZOqPMeIX9iDF:giuBtZsDM0fuuuw9qZFbANhTil+85
Static task
static1
Behavioral task
behavioral1
Sample
bdd0c0769a20ac72ca52ebc4800706d55c5420e91c7150c2ed03c9093f2d7aaa.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
bdd0c0769a20ac72ca52ebc4800706d55c5420e91c7150c2ed03c9093f2d7aaa.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
moner
77.91.124.82:19071
-
auth_value
a94cd9e01643e1945b296c28a2f28707
Targets
-
-
Target
bdd0c0769a20ac72ca52ebc4800706d55c5420e91c7150c2ed03c9093f2d7aaa
-
Size
930KB
-
MD5
3460167c1d4aa82be63e7d58086d4dc3
-
SHA1
698a2c76dca22b0434f435fa686b8e16d3c09e07
-
SHA256
bdd0c0769a20ac72ca52ebc4800706d55c5420e91c7150c2ed03c9093f2d7aaa
-
SHA512
79ab6533342e459d8d2c9602938541fdd9388dfa0fdd74c3d7ce2ac429a3a30da1b9cfc185312614e176ea8ec70540f729b92e651dce570baf0808f3f22441ac
-
SSDEEP
12288:d6//yfYb5BIQZVte2f8sD5ARNRDDyBPd0mWuh1eueMbQkXwSUqf7ZOqPMeIX9iDF:giuBtZsDM0fuuuw9qZFbANhTil+85
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1