General
- Target: 4c13035ed21c7a82e33f3fab276f150363c9375e9b7aaffac16d35dffebb6548_JC.exe
- Size: 768KB
- Sample: 231014-en3k7shg34
- MD5: b76a1ea4d1156feaf2d0441ed961a8d5
- SHA1: 316f0f365b5e36e9c756835dea160d3f0521cd6a
- SHA256: 4c13035ed21c7a82e33f3fab276f150363c9375e9b7aaffac16d35dffebb6548
- SHA512: 18af4934ccf95d1ee22a9bfba795c8c837317bc53e8209670027fbac774b6a499d5a07a75a89031d71264dec3e02f19a48509e447b5f0eb93da5554802f38e53
- SSDEEP: 12288:7Mrvy9090VS8LjLBYfH2ZfBR3bdbAP44WSnn3p04rauaScTOIdXbe4YGKHTvL:Uy/NjLufW5b9wNWHDuaSgnXzYXL
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 4c13035ed21c7a82e33f3fab276f150363c9375e9b7aaffac16d35dffebb6548_JC.exe
  - Resource: win7-20230831-en

Behavioral task
- behavioral2
  - Sample: 4c13035ed21c7a82e33f3fab276f150363c9375e9b7aaffac16d35dffebb6548_JC.exe
  - Resource: win10v2004-20230915-en
Malware Config
Extracted
- Family: redline
- Botnet: virad
- C2: 77.91.124.82:19071
- auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets
- Target: 4c13035ed21c7a82e33f3fab276f150363c9375e9b7aaffac16d35dffebb6548_JC.exe
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)