General
Target: 982f1ee50adb5f73ac1c2572177697c0_NEAS
Size: 845KB
Sample: 240507-jqrnyafe4x
MD5: 982f1ee50adb5f73ac1c2572177697c0
SHA1: 8e8a00653260c4291e7db3e8c3a3eb766d44f2c5
SHA256: 1187636d6e514eb6a1ebb708504da23f9a3ed6065b30e5bef5531cb485fecb34
SHA512: 9d4de83a73eff724cf1621f172a6209ad2b8e71e7b94792703c7ad8004ca597dd42cfe5c1f0b07e1fab289c0b516d02322ef8988062a4294449a7f73a61e1410
SSDEEP: 12288:KMryy90ohyzNL/h6I7S7IcpBmfPtJvMTf6uBfR4qqV7E6zczO8dMB0gHh6v0tnLI:MyZg/ZSliLvMzT4uo8kTLJ1GXJvt
Static task: static1
Behavioral task: behavioral1
Sample: 982f1ee50adb5f73ac1c2572177697c0_NEAS.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted family: redline
Botnet: mask
C2: 217.196.96.56:4138
auth_value: 31aef25be0febb8e491794ef7f502c50
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)