Overview

Tasks (score, sample, platform):
10  static
3   0b77ecaa1b...bd.exe   windows10-2004-x64
10  15a93b61b0...e6.exe   windows10-2004-x64
10  209703dd4d...93.exe   windows7-x64
3   209703dd4d...93.exe   windows10-2004-x64
10  371f83e057...f2.exe   windows10-2004-x64
10  4f86d48b3d...df.exe   windows10-2004-x64
10  613e8de3b5...a6.exe   windows7-x64
3   613e8de3b5...a6.exe   windows10-2004-x64
10  6bd55afbde...65.exe   windows10-2004-x64
10  74991b8b05...38.exe   windows10-2004-x64
10  75ccbf328f...af.exe   windows10-2004-x64
10  798aee8abb...5b.exe   windows10-2004-x64
10  7b57226b37...3e.exe   windows10-2004-x64
10  7fe3c52960...9b.exe   windows10-2004-x64
10  8e6c08ec1c...56.exe   windows10-2004-x64
10  9cb8e2b154...93.exe   windows10-2004-x64
10  a5bd0160df...49.exe   windows10-2004-x64
10  a62a548ffb...a0.exe   windows10-2004-x64
10  bfe644d3bd...29.exe   windows10-2004-x64
10  c606fbb70c...7c.exe   windows10-2004-x64
10  c84d7a88c3...a4.exe   windows10-2004-x64
10  d637403a7a...09.exe   windows10-2004-x64
General
- Score: 10
- Target: red.zip
- Size: 10.0MB
- Sample: 240509-srkrfsbe99
- MD5: b9f652a127ab1e086148fed612fb2f50
- SHA1: aae740ebc94353a6251be2c2beb71510e989b964
- SHA256: 2a57fa0e264c30123d79d5a18397ff8ecfce4d9f58a5938c968ad3a9dd12e935
- SHA512: d103ebec4e85eb7a5b8f94e41ca6576852c25545ba0b94e4c19915c8e1b977dd6955ed0b25e21127c55ce41bc726ee6dbdbc4ce6a69f2f9345c42eacde07ea77
- SSDEEP: 196608:N2Tqxo4OYmz6pzVhXFxHNR+z+2hIHi85ZYK28isQ3WqWVhdnMHFsiB5HH5avBxpJ:KqxaYvnhRRqhIRWK2Dkn3eHFr50RJ
Static task: static1

Behavioral task: behavioral1
- Sample: 0b77ecaa1b47f7bc168f30b00531ca8aab8e8a58ed0985de288fe126c3d0fdbd.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral2
- Sample: 15a93b61b0f1091ffed5e2a2a442e7fe5060b5674f75443efcb362de169b83e6.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral3
- Sample: 209703dd4d6bb2be31fbd67713bc66dc1dd589baac7c01ca04d37e7c8d823793.exe
- Resource: win7-20240221-en

Behavioral task: behavioral4
- Sample: 209703dd4d6bb2be31fbd67713bc66dc1dd589baac7c01ca04d37e7c8d823793.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral5
- Sample: 371f83e057f13466e2fea9ea5acee438ac49fa63875096d8859e4b0dd31df2f2.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral6
- Sample: 4f86d48b3d0bdaa6f4d6e224cb3d78d45d0e5ff02992de35aad4053a747106df.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral7
- Sample: 613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6.exe
- Resource: win7-20240221-en

Behavioral task: behavioral8
- Sample: 613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral9
- Sample: 6bd55afbdee9bee40494e1ad8d221009af60fed046a9028662aea7d0d54f2d65.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral10
- Sample: 74991b8b0544fa500ea5cb196e746fa3f4d98c5d0623c46470044b2710b5da38.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral11
- Sample: 75ccbf328f1e4ec3537ebd63e6afcf1b951f8765d8b1c734b87a7073333332af.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral12
- Sample: 798aee8abbe13acdcba7ded2507144abfb3a7bdb36dfad1f88ebd752af5e0c5b.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral13
- Sample: 7b57226b37b29e8c8fc26bb0a8f5f069da16548a19709cb24661efa4e037303e.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral14
- Sample: 7fe3c5296017a9495bcbb4b7a050afbb8dc455250cb5390bf962b0738814d69b.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral15
- Sample: 8e6c08ec1ca5a8b0e5817eb7d07c526a20804925c4c4b8bc94ce28ad3f6abd56.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral16
- Sample: 9cb8e2b1548adfff7c012acfadb576ae6e5f0fdcfc0942eeb26b4c9fb8613e93.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral17
- Sample: a5bd0160df71694767fdadc369e0582970a1182d88c7fea774ca4d3bdb503e49.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral18
- Sample: a62a548ffb1dcb9166d2336968bea9011a44039f391a1a7ef70364f4a0e131a0.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral19
- Sample: bfe644d3bd33f0f28361b0b64f6fba6444cbce7ffc0fb0746a6226305bffb229.exe
- Resource: win10v2004-20240226-en

Behavioral task: behavioral20
- Sample: c606fbb70c63714189a35096faef884c4cdff3a5f6572cd036c768cf51a7f67c.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral21
- Sample: c84d7a88c396b7e327907984474a5b186f4adf86792a273b4ded750f4b893ca4.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral22
- Sample: d637403a7a8d4f4e55e3bd56e000ee3668faae9137eaa6efbcd8dfdcc4744709.exe
- Resource: win10v2004-20240508-en
Malware Config

Extracted: amadey
- Version: 3.86
- C2: http://77.91.68.61
- install_dir: 925e7e99c5
- install_file: pdates.exe
- strings_key: ada76b8b0e1f6892ee93c20ab8946117
- url_paths: /rock/index.php

Extracted: redline
- Botnet: krast
- C2: 77.91.68.68:19071
- auth_value: 9059ea331e4599de3746df73ccb24514

Extracted: redline
- Botnet: papik
- C2: 77.91.124.156:19071
- auth_value: 325a615d8be5db8e2f7a4c2448fdac3a

Extracted: redline
- Botnet: lamp
- C2: 77.91.68.56:19071
- auth_value: ee1df63bcdbe3de70f52810d94eaff7d

Extracted: redline
- Botnet: lande
- C2: 77.91.124.84:19071
- auth_value: 9fa41701c47df37786234f3373f21208

Extracted: amadey
- Version: 3.85
- C2: http://77.91.68.3
- install_dir: 3ec1f323b5
- install_file: danke.exe
- strings_key: 827021be90f1e85ab27949ea7e9347e8
- url_paths: /home/love/index.php

Extracted: redline
- Botnet: roma
- C2: 77.91.68.56:19071
- auth_value: f099c2cf92834dbc554a94e1456cf576

Extracted: redline
- Botnet: nasa
- C2: 77.91.68.68:19071
- auth_value: 6da71218d8a9738ea3a9a78b5677589b

Extracted: redline
- Botnet: masha
- C2: 77.91.68.48:19071
- auth_value: 55b9b39a0dae383196a4b8d79e5bb805

Extracted: redline
- Botnet: crazy
- C2: 83.97.73.129:19068
- auth_value: 66bc4d9682ea090eef64a299ece12fdd

Extracted: redline
- Botnet: darm
- C2: 217.196.96.56:4138
- auth_value: d88ac8ccc04ab9979b04b46313db1648

Extracted: redline
- Botnet: 5195552529
- C2: https://pastebin.com/raw/NgsUAPya

Extracted: lumma
- C2: https://productivelookewr.shop/api
- C2: https://tolerateilusidjukl.shop/api
- C2: https://shatterbreathepsw.shop/api
- C2: https://shortsvelventysjo.shop/api
- C2: https://incredibleextedwj.shop/api
- C2: https://alcojoldwograpciw.shop/api
- C2: https://liabilitynighstjsko.shop/api
- C2: https://demonstationfukewko.shop/api
Targets

Target: 0b77ecaa1b47f7bc168f30b00531ca8aab8e8a58ed0985de288fe126c3d0fdbd
- Size: 389KB
- MD5: 77b9fb0f6b8cffbbd74a48c88d728042
- SHA1: 7e1942225b08e76d77124f885843bdf679d3c4fa
- SHA256: 0b77ecaa1b47f7bc168f30b00531ca8aab8e8a58ed0985de288fe126c3d0fdbd
- SHA512: 7b07051e37c0739f73239f7c1ba6e37c1749b1a52c1a8186fa3e3c28b95ff5035fa4d13825453dbe1bb4dca65c1e81318c36e2ad6a7aef6d855c6d19c3fd4ed6
- SSDEEP: 6144:KXy+bnr+Yp0yN90QEuiMZl8gP007RHr6ppFAwxw9C28zC8FgBZ+t4FDEXo26mWd0:RMroy904HZixtAwxCC3tFgBYCFY01u
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: 15a93b61b0f1091ffed5e2a2a442e7fe5060b5674f75443efcb362de169b83e6
- Size: 515KB
- MD5: 7df24f49f54b8ac81e3c00b6ef1ce8e7
- SHA1: 788350bc977f6bbad5170e21e5cd2a0ef1499472
- SHA256: 15a93b61b0f1091ffed5e2a2a442e7fe5060b5674f75443efcb362de169b83e6
- SHA512: 48a39cffe8c2466522da44aa8b92116841617c8755f3363aafb00b205393b2e4266834a80743303c6fddb28f796086851d388cc9c5226bb1e317081d25b87b68
- SSDEEP: 12288:yMrTy90wTnRjHE/K1rdz7rhYXr8RsVWuoXd++974nV7c:RyzzNdvrhY78io4a49c
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: 209703dd4d6bb2be31fbd67713bc66dc1dd589baac7c01ca04d37e7c8d823793
- Size: 989KB
- MD5: 79e53e4e66e3cc1c18c3eef54f3434c5
- SHA1: 4dacd0c65376af4ad6dd13d746ca048d4eba5b2b
- SHA256: 209703dd4d6bb2be31fbd67713bc66dc1dd589baac7c01ca04d37e7c8d823793
- SHA512: 009d33e03818679bfb172db7f498d394838c54ee1fcde9da94e20994f2d76c4e1aa30d64e9999fbeb96cd24f519f155cc03d624a903b1183c1d610c64d26c3c9
- SSDEEP: 12288:1jGKXgeOVTcldbKRr/4APMboMN6WvJaPuotB5xg8LumZjUjrTjpKt6Jiw3/:pGKXFOVTclERr/4APwoaBaJX1UPpKbc
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
Target: 371f83e057f13466e2fea9ea5acee438ac49fa63875096d8859e4b0dd31df2f2
- Size: 390KB
- MD5: 7d114e866f3aebbf65ea5e0322ffa6a4
- SHA1: 831e43f1dd3bd60dc0b8175b4b614942300d81d7
- SHA256: 371f83e057f13466e2fea9ea5acee438ac49fa63875096d8859e4b0dd31df2f2
- SHA512: ad53343bf098d146b652fc01592f234890f6041b71525a3750acb8e4063c5032ffb422f35a79a1501a4bc0a253f70a90856774654c436f2bb17d55b81bc7f0ac
- SSDEEP: 12288:0Mroy90rmKI+t0AnCwrcSor7h7XZvMvL46a:0yX+thC8cSShFUvL46a
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: 4f86d48b3d0bdaa6f4d6e224cb3d78d45d0e5ff02992de35aad4053a747106df
- Size: 390KB
- MD5: 7b950b64ac08857b3deccaaa87a316a0
- SHA1: 9235f96b6b4b5c37b581556dadfa30dbce857034
- SHA256: 4f86d48b3d0bdaa6f4d6e224cb3d78d45d0e5ff02992de35aad4053a747106df
- SHA512: 41ffa8e9e51b67eff9f36c16cca9df10f7b2b71f6cee51fff1efed0e81b5a07c334c2616957258fa150192333cce87dd23459764e86e302d61325619c420766b
- SSDEEP: 6144:KMy+bnr+lp0yN90QEQ7y6KGyF4tgKY4Jrovv90vgBZ+t4UD9AT8sJeQ:0Mr9y90AyeVY46vv0gBYCU3sJZ
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: 613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6
- Size: 1.2MB
- MD5: 78cdac30810324709d9ded08c4501f8d
- SHA1: 083f16342f0ef90d57321b873ad972a16b168f86
- SHA256: 613e8de3b5eba303bd2dc0b5d2f2f3df3586c0f63c31eb1f2c60f4e30e70dda6
- SHA512: 8b5e989df009891bf8178718e4fe9bf38e4f421c6295d1ebcc30eaa7762958a9009f7cfeadd18d508f7483e6fe043dad9a7181b6dc3b511fc205d35ae1e31890
- SSDEEP: 24576:VnBoveElInZKRPgiGilvvTd1YYWTsywSs6E:VBeInZKRPgiGiNYdTVm
Signatures:
- Suspicious use of SetThreadContext
Target: 6bd55afbdee9bee40494e1ad8d221009af60fed046a9028662aea7d0d54f2d65
- Size: 1.2MB
- MD5: 7dc01fe162857c837ec42c043f06a250
- SHA1: c3f7888a5be49c458cdf5edca546ff6fd0b4da6b
- SHA256: 6bd55afbdee9bee40494e1ad8d221009af60fed046a9028662aea7d0d54f2d65
- SHA512: 9f828f990954d98bd65bf640d3aec245addc052add46fb8896223ec04953dce8a6fe2817bae53aa7fcee86d68248c4d6b0a5112b1a685082c5557c762cab48af
- SSDEEP: 24576:MyVY5S9UGMFXStmUpJeZyTxB7Sc2mGafGCLun8tczXSZ2Lk:7VS3GMFXYmUpME+DzaS8tcjSy
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
Target: 74991b8b0544fa500ea5cb196e746fa3f4d98c5d0623c46470044b2710b5da38
- Size: 641KB
- MD5: 788d92f47b212e2049463dd423a5dee1
- SHA1: ec638a326f621c2ac72199ddb8e02affffe0dee6
- SHA256: 74991b8b0544fa500ea5cb196e746fa3f4d98c5d0623c46470044b2710b5da38
- SHA512: 2ff493ef1f3f2e9905e2930669eefb995041eeb8045ec1a4bfc935b655454aea9c591dfe179ec3c711fb22ff25374a64a01e7a56b204b37fd417e1b3278ab2a0
- SSDEEP: 12288:/Mrey90DQanCnYpz9L+2CBiMx5A5nF9npy7OsW6f/g9EcqOEluM:FyKPC8zBBE7jcF9py7OsW6ng9Ecq5uM
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: 75ccbf328f1e4ec3537ebd63e6afcf1b951f8765d8b1c734b87a7073333332af
- Size: 769KB
- MD5: 7b850001f5713cbeaa0078d2b4a1f406
- SHA1: e68fde0f08bd2353d118de3cefcbf2e6aca2ce7b
- SHA256: 75ccbf328f1e4ec3537ebd63e6afcf1b951f8765d8b1c734b87a7073333332af
- SHA512: e1f35bd08f29bb6452ef58f318f7e911826b6f57e4418069a07e26d46599837acb2ed238da7179b253fbe57626d3f4886cf819cdf85b76de1bb5e42fa0ae6e9e
- SSDEEP: 12288:9Mroy90eCrZAz38uIrbDgTncDTLc97yZe6r5H+LcPyK:lyUaz38rrvgQfLc1ylwoPh
- Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
Target: 798aee8abbe13acdcba7ded2507144abfb3a7bdb36dfad1f88ebd752af5e0c5b
- Size: 390KB
- MD5: 77871a3c4e9d08f0bc052ba62e12af12
- SHA1: 3ef6e6678685530de4df5af5fd5b9d60787c3b8d
- SHA256: 798aee8abbe13acdcba7ded2507144abfb3a7bdb36dfad1f88ebd752af5e0c5b
- SHA512: 89eeeb2049d79b7ad1c4858c5f06c126780e2e0e13023ce18835930f6c9d127a1054fafbb1f25045483e741a5adf45ce7f60056b37f8f0ef913719b7f614c60f
- SSDEEP: 12288:AMrXy90QaSqo3yXhVTXgBYCMwDg8vz2zI:HyeSL3uhezjs8rII
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: 7b57226b37b29e8c8fc26bb0a8f5f069da16548a19709cb24661efa4e037303e
- Size: 515KB
- MD5: 7d2ce35a27a37baf28988e65cab27fcb
- SHA1: 55a23ab7eb441e4a904916bad1ebefe8aa212d2d
- SHA256: 7b57226b37b29e8c8fc26bb0a8f5f069da16548a19709cb24661efa4e037303e
- SHA512: eb8c1c631efb67b344bf93ffb8398f26009b1cc158e8d0a05ccf39bd989bb6267b743b8175fcf59933dc227cbbc7f5ffc2de94feefbdc97735e64fe71bf5f6e4
- SSDEEP: 12288:UMrxy900zkSW5R1HN6zM61qV0h6B9UDGElqD:9yjyHNr61uVjUDGX
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: 7fe3c5296017a9495bcbb4b7a050afbb8dc455250cb5390bf962b0738814d69b
- Size: 390KB
- MD5: 798ec07025f058b2e7791a88ea7ebba1
- SHA1: 0dff838f77c7f19abac6b32af4cfbc6bdafff37b
- SHA256: 7fe3c5296017a9495bcbb4b7a050afbb8dc455250cb5390bf962b0738814d69b
- SHA512: c738e0fde4583cae6cb744679a081a343b810a2087d86767f14fc1544570ff551c55ff80c6891b553d3fc85299dccba2dc8afc53d0c2dc47eaa5592692b35309
- SSDEEP: 6144:Key+bnr+4p0yN90QEDHkWGjZNJYh7TNog5hSFkM/qVmBsSlmoNds:2MrYy90BfseSFHFlBzs
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: 8e6c08ec1ca5a8b0e5817eb7d07c526a20804925c4c4b8bc94ce28ad3f6abd56
- Size: 515KB
- MD5: 7bd87547abe694ea73c8cc5c4ad142e1
- SHA1: fc2dd14f3d0bd26bd0dcdcc04fb27d7569f0fa9e
- SHA256: 8e6c08ec1ca5a8b0e5817eb7d07c526a20804925c4c4b8bc94ce28ad3f6abd56
- SHA512: a1a522e76403b8ea67ff0dd1b1a23318e2c59517211c36d2b6cc697427b7e7bebc8752a3afb94dd3831466590879b15ec03f8da7b76691b902d695458685f164
- SSDEEP: 12288:fMrly90IOW2B8Roq5ZzZJVPOmM4fZqRMyu2Ax:6yrGQRPOmM499h
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: 9cb8e2b1548adfff7c012acfadb576ae6e5f0fdcfc0942eeb26b4c9fb8613e93
- Size: 390KB
- MD5: 77fe152db6ab834d5d19e0bc498a3390
- SHA1: 061f087d858f6f62bb8b825f97037c6adf09b5ba
- SHA256: 9cb8e2b1548adfff7c012acfadb576ae6e5f0fdcfc0942eeb26b4c9fb8613e93
- SHA512: a184e3974bc54c34a64aa8a8590ebe2112c6197160cfdfdaac025adfc63333af8e6d63ec9e2f20bfc403f6a3e29ef20ea5c3f36bd2376724a170e2a011bc6e44
- SSDEEP: 12288:cMrqy90Bww5CNmmmx1qYnUAwFcHnl9A0X6YDp:Wy2wwoQmYnpHUQ99
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: a5bd0160df71694767fdadc369e0582970a1182d88c7fea774ca4d3bdb503e49
- Size: 1.6MB
- MD5: 7d32073410b319d087fce19d1e06e567
- SHA1: db8fc2679ad185f7593223c7c9b1bd24dc9f9c14
- SHA256: a5bd0160df71694767fdadc369e0582970a1182d88c7fea774ca4d3bdb503e49
- SHA512: 7f488b6974d89acb19da09df9784df631203f4ef1693c72092d0eb0cc3ed663332381ae3f052d479942acbf271466f2a8160009ebe0dceddc450a3b5818c6af3
- SSDEEP: 24576:3y9qneMGcM4DVQJBTkCn/H6tfxjl/zq9exWtOf2K1UkGmTXDqKbv4d3:C4neMZMJBT7n/+JjRq9ex0K2yDei
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
Target: a62a548ffb1dcb9166d2336968bea9011a44039f391a1a7ef70364f4a0e131a0
- Size: 280KB
- MD5: 7df1e56d4c1a1612ee126463fcf8ceb4
- SHA1: 774ab26898cfa2ace41b0d5fa53538d318e0fa57
- SHA256: a62a548ffb1dcb9166d2336968bea9011a44039f391a1a7ef70364f4a0e131a0
- SHA512: a84427f66c991496b014e82a1e52a969da9b627d6dfebdb93b74acdda4907df02b7b7d17b25cb732999e4a01e7f6e327be630b93b6dd6c55ed78e3d920ccae15
- SSDEEP: 6144:Kby+bnr+Qp0yN90QE7o6FzcJVDQvj6iftPO3pJ8M:JMrQy90xl9x2stgp+M
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: bfe644d3bd33f0f28361b0b64f6fba6444cbce7ffc0fb0746a6226305bffb229
- Size: 390KB
- MD5: 797a5feff99655f0d85ce2a57b7db03c
- SHA1: 4e6faef04eb706282a621b44f12ab9f1d46c2922
- SHA256: bfe644d3bd33f0f28361b0b64f6fba6444cbce7ffc0fb0746a6226305bffb229
- SHA512: 33d1c0e066306f4d67d1db2aef636e142c515c2fdc4c471c7d0abfb8643181196e752715b44cb6fcf8a7188c93244e109c6e7c02b6c412d2b82293103dc19251
- SSDEEP: 6144:Kty+bnr+1p0yN90QETEySSJAvVcQlhRAbR4SZZ1QMmHYYgtVNaAL0C/:fMrxy90xEyFkXARPqkNTYC/
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: c606fbb70c63714189a35096faef884c4cdff3a5f6572cd036c768cf51a7f67c
- Size: 514KB
- MD5: 7d7d33850f01a172965d4ab3500f15ff
- SHA1: 6c3f6d557ce913e1b4e76c3325e21fdc9f8e1616
- SHA256: c606fbb70c63714189a35096faef884c4cdff3a5f6572cd036c768cf51a7f67c
- SHA512: 10f12ecca2c5643a50be160d7343b8f9b48a91efeb5da2b31dbae9b38794cfe944878c0d0fcd37c0786d5291c80a3b883e2d1499fd69b15ebda1790e427fb304
- SSDEEP: 12288:nMr7y90vbJ4/tt88tW+bsUlC1U/miz9LjHJWH:wy0m/tptW+YB+djpWH
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: c84d7a88c396b7e327907984474a5b186f4adf86792a273b4ded750f4b893ca4
- Size: 390KB
- MD5: 78e143d53832462f94df54b039a2500f
- SHA1: 3166b93218a704270ad88cdcf933f8e7e27ae047
- SHA256: c84d7a88c396b7e327907984474a5b186f4adf86792a273b4ded750f4b893ca4
- SHA512: c58e52b9de6d11b866e713c2039700d3941507cb6fea50c63dd7343128366dabbeb6c8fd219802ec7bd6ab28bc4c2cf3558bdbcd414a2689630060c3caf4d3d7
- SSDEEP: 6144:K+y+bnr+Qp0yN90QEsFSlPN+PytrbyJHrPkPGyPLtWc9uNNvHmPRa0xw:GMroy90TxseG+Wc9unmPRX2
Signatures:
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
Target: d637403a7a8d4f4e55e3bd56e000ee3668faae9137eaa6efbcd8dfdcc4744709
- Size: 384KB
- MD5: 7bc2d05ad6c8a97ba0e72e08fea76c33
- SHA1: 34ca4cd11a85d4c4e347e0a3e14bbbce06a52b8a
- SHA256: d637403a7a8d4f4e55e3bd56e000ee3668faae9137eaa6efbcd8dfdcc4744709
- SHA512: d904d036c3348d6171810adc02588990dc349f6cf8a79f95466b1e4d64bc0ca3dad17de0868260bf66db36b2cc5cdf4ba4437a1833671ab7bc2ed7079e55feb2
- SSDEEP: 6144:KBy+bnr+Dp0yN90QEwUHh4HZn7ECucO0bGvBJBiZLpD5Fs3zHlG9mLYICwx:nMrzy90pH0gCucO05mDHlG9m0cx
- Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)