General

Target
bac70768466a80a4253c63add9d0601c8d645565be4c9ab0536b250c8e01a0e9

Size
480KB

Sample
240510-cky3hacg31

MD5
f10f3830f74f4c146ecfe490b2f5bb60

SHA1
95f1c364dd9957c7353e958870cbd0b56dd72131

SHA256
bac70768466a80a4253c63add9d0601c8d645565be4c9ab0536b250c8e01a0e9

SHA512
8e3ba81dcfc0c36100ded32308e3e787d2c64e6c644b2a376b9d684d5d54dbcad46522dca178dcd3c3fdc8e2a18d018b9c27f631fac67d80b6ce9bde77277376

SSDEEP
6144:KYy+bnr+Bp0yN90QEMQSOmAfsDSwqGTD4TGYSQUb1BZk8OYHwi0GVSMmaLxcwJuj:kMrJy906OmMSwGF1BZk8hmaLxcwIj
Static task
static1
Behavioral task
behavioral1
Sample
bac70768466a80a4253c63add9d0601c8d645565be4c9ab0536b250c8e01a0e9.exe
Resource
win10v2004-20240508-en
Malware Config

Extracted

Family
redline

Botnet
mihan

C2
217.196.96.101:4132

auth_value
9a6a8fdae02ed7caa0a49a6ddc6d4520
Targets

Target
bac70768466a80a4253c63add9d0601c8d645565be4c9ab0536b250c8e01a0e9
Detects Healer, an antivirus disabler dropper

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Detects executables embedding a registry key / value combination indicative of disabling Windows Defender features

Detects executables packed with ConfuserEx Mod

Executes dropped EXE

Adds Run key to start application
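The hashes, the RedLine C2 and the behavioural signatures above (Run-key persistence, Defender-disabling registry writes) are the actionable output of this report. The following Python is an added example, not part of the sandbox report or of any tool it references: it folds those IOCs into two checks, one that hashes a suspect file with every algorithm the report lists and one that scans Sysmon-style registry and network events for the behaviours the signatures describe. The Key=Value event layout, the log lines (constructed for this example, not captured from this sample) and the list of Defender value names are the example's own assumptions; the report does not say which key/value pair its "disabling Windows Defender" signature matched.

```python
# Added example, not part of the sandbox report: turn the report's IOCs
# (file hashes, RedLine C2, Run-key persistence, Defender-disabling registry
# writes) into checks a responder can run on a host or over Sysmon-style logs.
# Everything below the IOC constants is an assumption of this example: the
# log layout, the log lines themselves and the Defender value names checked.
import hashlib
import re

# IOCs copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "f10f3830f74f4c146ecfe490b2f5bb60",
    "sha1": "95f1c364dd9957c7353e958870cbd0b56dd72131",
    "sha256": "bac70768466a80a4253c63add9d0601c8d645565be4c9ab0536b250c8e01a0e9",
    "sha512": "8e3ba81dcfc0c36100ded32308e3e787d2c64e6c644b2a376b9d684d5d54dbcad46522dca178dcd3c3fdc8e2a18d018b9c27f631fac67d80b6ce9bde77277376",
}
C2_IP, C2_PORT = "217.196.96.101", 4132

# Assumption: documented Windows Defender policy values whose non-zero DWORD
# turns a protection feature off. The report does not name the key/value pair
# its signature matched, so this list is the example's, not the report's.
DEFENDER_DISABLE_VALUES = {
    "DisableAntiSpyware", "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableIOAVProtection", "DisableOnAccessProtection", "DisableScanOnRealtimeEnable",
}
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DEFENDER_KEY_RE = re.compile(r"\\Windows Defender\\", re.I)


def hash_file(path):
    """Hash a file with every algorithm the report lists, reading it once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(path):
    """Names of the report hashes that the file at `path` reproduces."""
    digests = hash_file(path)
    return sorted(n for n, v in REPORT_HASHES.items() if digests[n] == v)


def parse_event(line):
    """Parse 'Key=Value Key2=Value2' text into a dict; values may contain spaces."""
    return dict(re.findall(r"([A-Za-z]+)=(.*?)(?= [A-Za-z]+=|$)", line))


def dword_value(details):
    """Sysmon renders REG_DWORD as 'DWORD (0x00000001)'; return the int or None."""
    m = re.search(r"DWORD \(0x([0-9A-Fa-f]+)\)", details)
    return int(m.group(1), 16) if m else None


def classify(ev):
    """Map one parsed event to the report behaviours it matches."""
    hits = []
    if ev.get("EventID") == "13":  # Sysmon: registry value set
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append("run_key_persistence")
        value_name = target.rsplit("\\", 1)[-1]
        if (DEFENDER_KEY_RE.search(target) and value_name in DEFENDER_DISABLE_VALUES
                and (dword_value(ev.get("Details", "")) or 0) != 0):
            hits.append("defender_disable")
    elif ev.get("EventID") == "3":  # Sysmon: network connection
        if ev.get("DestinationIp") == C2_IP and ev.get("DestinationPort") == str(C2_PORT):
            hits.append("redline_c2")
    return hits


def triage_log(text):
    """Return (line number, image, hit) for every line matching a report IOC."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        ev = parse_event(line)
        for hit in classify(ev):
            findings.append((n, ev.get("Image", "?"), hit))
    return findings


# Constructed log lines (not from this sample) in a Sysmon-like Key=Value layout.
SAMPLE_LOG = """\
2024-05-10T12:00:01 EventID=13 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\ab12cd.exe TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe
2024-05-10T12:00:02 EventID=13 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\ab12cd.exe TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware Details=DWORD (0x00000001)
2024-05-10T12:00:03 EventID=3 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\ab12cd.exe DestinationIp=217.196.96.101 DestinationPort=4132
2024-05-10T12:00:04 EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationIp=203.0.113.10 DestinationPort=443
2024-05-10T12:00:05 EventID=13 Image=C:\\Windows\\System32\\svchost.exe TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware Details=DWORD (0x00000000)
"""

if __name__ == "__main__":
    for n, image, hit in triage_log(SAMPLE_LOG):
        print(f"line {n}: {hit:<22} {image}")
```

Running the block prints three hits from the constructed log, all attributed to the same dropped executable; lines 4 and 5 (an ordinary browser connection, and a Defender value being set back to 0) are deliberately not flagged, which is the distinction a Run-key or Defender rule needs to make to stay usable. For real use, convert a Sysmon export into this Key=Value layout and point hash_file at the quarantined file; an SSDEEP comparison against the report's fuzzy hash would need the ssdeep library and is left out here.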
MITRE ATT&CK Enterprise v15

Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1