General
- Target: NEAS.9d8ef5af655dc5cdc92ca4b6f019db80.exe
- Size: 701KB
- Sample: 231014-wqjpjsfe37
- MD5: 9d8ef5af655dc5cdc92ca4b6f019db80
- SHA1: c2d44fa41f85c77939c87bb0fed6d3dbbd7b3c67
- SHA256: c947c837debbe5d3285675b550e33f3bdfd0f87aee7d230e1aa514b751956c20
- SHA512: a49f9499f3502bd31324e86f79ac2c5c1d13c308161aac4f306824e8d8978143e0f47241eed6a22ebc1f798d411d6110be848c3e8ad37015a58a373b4f0f48a1
- SSDEEP: 12288:XMr8y90+BwUc0t9kH03s7znim+7bu/cNTE5izJFXpXm9NAWioputjd13RS:Hy3NsHes71+7i/Yiiz78JnpK513RS
Static task
- static1
Behavioral task
- behavioral1: Sample NEAS.9d8ef5af655dc5cdc92ca4b6f019db80.exe, Resource win7-20230831-en
Behavioral task
- behavioral2: Sample NEAS.9d8ef5af655dc5cdc92ca4b6f019db80.exe, Resource win10v2004-20230915-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Target: NEAS.9d8ef5af655dc5cdc92ca4b6f019db80.exe (701KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)