General
Target: c1eb2bf2565fd92a410efaef30a93b2a3a4af9b75abc7ca69e417077b20e9a47
Size: 1.5MB
Sample: 240502-dr286shd95
MD5: 991267b92287601ef77a0bbadd747440
SHA1: 9ff5b9b627c5eae60511f47cde53de339b74e822
SHA256: c1eb2bf2565fd92a410efaef30a93b2a3a4af9b75abc7ca69e417077b20e9a47
SHA512: 23546fe330165a559b53c376b84987979eb4e64fa300925e13d24fc1b1cf9c69785374125fadfe6c55d112e4765263b1d34affaf14d8f0c7355626098af47e5e
SSDEEP: 24576:kyIedgrARuVqITHTjQ08cKQnm4xU3/bPpBACmormqSwK92JeG1xdB4xyBqkZ05k6:zIeyaQzU10m4xEItq3KPG7pqkZ4
Static task: static1
Behavioral task: behavioral1
Sample: c1eb2bf2565fd92a410efaef30a93b2a3a4af9b75abc7ca69e417077b20e9a47.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
Family: redline
Botnet: max
C2: 185.161.248.73:4164
auth_value: efb1499709a5d08ed1ddf71cff71211f
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Detects executables embedding registry key / value combination indicative of disabling Windows Defender features
- Detects executables packed with ConfuserEx Mod
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)