Overview
overview
10Static
static
31d059ca891...d4.exe
windows10-2004-x64
101d90edda9f...51.exe
windows7-x64
31d90edda9f...51.exe
windows10-2004-x64
101e44c41d8d...91.exe
windows10-2004-x64
101ed736973c...3e.exe
windows10-2004-x64
10559234fc52...e2.exe
windows10-2004-x64
105a4570005d...a4.exe
windows7-x64
35a4570005d...a4.exe
windows10-2004-x64
1061f1a776dc...62.exe
windows10-2004-x64
1067045db960...01.exe
windows10-2004-x64
106d684b37ca...5c.exe
windows10-2004-x64
1077cbabe9fe...cf.exe
windows7-x64
377cbabe9fe...cf.exe
windows10-2004-x64
108a73bb4899...c3.exe
windows10-2004-x64
108db3c27c31...88.exe
windows7-x64
38db3c27c31...88.exe
windows10-2004-x64
10b72cfb2517...df.exe
windows10-2004-x64
10c2ef692d84...7e.exe
windows7-x64
3c2ef692d84...7e.exe
windows10-2004-x64
10c39106a352...4e.exe
windows7-x64
10c39106a352...4e.exe
windows10-2004-x64
10ca6d56a637...da.exe
windows10-2004-x64
10db14966ca7...cb.exe
windows7-x64
10db14966ca7...cb.exe
windows10-2004-x64
10e800205bb9...fd.exe
windows7-x64
3e800205bb9...fd.exe
windows10-2004-x64
10f8a2da44f9...41.exe
windows10-2004-x64
10fc8b501a18...d3.exe
windows7-x64
3fc8b501a18...d3.exe
windows10-2004-x64
10General
-
Target
c5a3dbeea17ddba50482e7844a817171580f977dcea9ad7b655d39a934b93b93
-
Size
8.5MB
-
Sample
240510-pl4qlahe83
-
MD5
63f013d3eaa851a4b37bc58a4cb7f190
-
SHA1
67e0bc19c3a32090ac6844bcaa4f00ee13b8dd0d
-
SHA256
c5a3dbeea17ddba50482e7844a817171580f977dcea9ad7b655d39a934b93b93
-
SHA512
c711e03d14dfaf58a1a566341bef053dd228e908c442fb38bfa90d43cc372d536af06aa9932babd64a579328205aba39b86f87c615f6b149a669d934aaff2e04
-
SSDEEP
196608:Us3AAiQp3c+6iWLMg7/gkWHmjjG5KEaq0Xo8X9tnJiDkhRKzBm:N3A7Qp3c+Swg7/oGjLEzB8ttnRhRb
Static task
static1
Behavioral task
behavioral1
Sample
1d059ca891566e0006cb4534dc4ff845fedd1d3d468c12366e12f98a815ed7d4.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe
Resource
win7-20231129-en
Behavioral task
behavioral3
Sample
1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
1e44c41d8d889c0d0e018128db620f95ba933996ae31dd11da4f5d407c764691.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
1ed736973ca7eb70129cafb36c292298f34a8a710160e69aeec7ad93760ed83e.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral6
Sample
559234fc528754d07d788aa5eff30aba166a9bab82e9eda45a9737647b0e9fe2.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
5a4570005d13d7c9c706dbdc0cc5ee5b8dfd33f7be6a6204a95d2134e3a483a4.exe
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
5a4570005d13d7c9c706dbdc0cc5ee5b8dfd33f7be6a6204a95d2134e3a483a4.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
61f1a776dcd13885a5979397d5b945e89d26cfcfe61e000ac89070e4a45bc562.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral10
Sample
67045db9602c0bb02004555fcae5f1c816ba6ebea367c933be035b042c153501.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
6d684b37ca877d403cebced125fab4f36a37e290840da5678e0d43fd35796a5c.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral12
Sample
77cbabe9fe3b8b9ac3422f2b29fbcb0cdb9ee85c7b64b2bde48da25f6ef608cf.exe
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
77cbabe9fe3b8b9ac3422f2b29fbcb0cdb9ee85c7b64b2bde48da25f6ef608cf.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral14
Sample
8a73bb4899be69e1a77d74c46f81ca29b85b5c67b642e09f9735dec87b8b4cc3.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
b72cfb25178ac78d0dfae350873df231a1f4266a913f47acc5018b87cae84bdf.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral18
Sample
c2ef692d84f694cd08e3238ae431c5636be2dc51342782c20a577eb05217557e.exe
Resource
win7-20240508-en
Behavioral task
behavioral19
Sample
c2ef692d84f694cd08e3238ae431c5636be2dc51342782c20a577eb05217557e.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral20
Sample
c39106a3520b59f859a00bc0014f6b5a4846b40742a925b66283b31e62094c4e.exe
Resource
win7-20240419-en
Behavioral task
behavioral21
Sample
c39106a3520b59f859a00bc0014f6b5a4846b40742a925b66283b31e62094c4e.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral22
Sample
ca6d56a637f121ee6406def5cf89663c3e54b2e175e98d4469fb3e3a46e190da.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
db14966ca75480a4e8f9f3d18c7bada2f205a1ac7404dbeda068279afa55b1cb.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
db14966ca75480a4e8f9f3d18c7bada2f205a1ac7404dbeda068279afa55b1cb.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
e800205bb9a5d3866d735915080e828250891d7d9c930245afd8def35dd08dfd.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
e800205bb9a5d3866d735915080e828250891d7d9c930245afd8def35dd08dfd.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral27
Sample
f8a2da44f9c18482323d9e1ed99567d3a35b95656bc1b023d86e12f305565c41.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral28
Sample
fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe
Resource
win7-20240220-en
Malware Config
Extracted
amadey
3.86
http://77.91.68.61
http://5.42.92.67
-
install_dir
925e7e99c5
-
install_file
pdates.exe
-
strings_key
ada76b8b0e1f6892ee93c20ab8946117
-
url_paths
/rock/index.php
Extracted
redline
krast
77.91.68.68:19071
-
auth_value
9059ea331e4599de3746df73ccb24514
Extracted
redline
lamp
77.91.68.56:19071
-
auth_value
ee1df63bcdbe3de70f52810d94eaff7d
Extracted
amadey
3.85
http://77.91.68.3
-
install_dir
3ec1f323b5
-
install_file
danke.exe
-
strings_key
827021be90f1e85ab27949ea7e9347e8
-
url_paths
/home/love/index.php
Extracted
lumma
https://plasterdaughejsijuk.shop/api
https://productivelookewr.shop/api
https://tolerateilusidjukl.shop/api
https://shatterbreathepsw.shop/api
https://shortsvelventysjo.shop/api
https://incredibleextedwj.shop/api
https://alcojoldwograpciw.shop/api
https://liabilitynighstjsko.shop/api
https://demonstationfukewko.shop/api
Extracted
redline
dumud
217.196.96.101:4132
-
auth_value
3e18d4b90418aa3e78d8822e87c62f5c
Extracted
redline
7001210066
https://pastebin.com/raw/KE5Mft0T
Extracted
redline
lande
77.91.124.84:19071
-
auth_value
9fa41701c47df37786234f3373f21208
Extracted
redline
lux3
176.123.9.142:14845
-
auth_value
e94dff9a76da90d6b000642c4a52574b
Extracted
redline
5195552529
https://pastebin.com/raw/NgsUAPya
Extracted
redline
roma
77.91.68.56:19071
-
auth_value
f099c2cf92834dbc554a94e1456cf576
Targets
-
-
Target
1d059ca891566e0006cb4534dc4ff845fedd1d3d468c12366e12f98a815ed7d4
-
Size
389KB
-
MD5
2983d487675b8e857be5cc87ecf3a3f9
-
SHA1
5dee58d99ebb08bee6f7210ab933e0adeed7930c
-
SHA256
1d059ca891566e0006cb4534dc4ff845fedd1d3d468c12366e12f98a815ed7d4
-
SHA512
f547d694a853e4f0924f54cd7d22d7b384b15e58b45749947df5a5b44c9981d8319c6a537c8b3e517e1ece5de8be98bf95251aee51258bafd948bad269e8b866
-
SSDEEP
6144:KOy+bnr+ep0yN90QE+d2iPWnGyF4ts9EO6GGvo5o8egBZ+t4nDSKWWE3k33GMC:iMruy904d2om56j6RegBYCnprKk3O
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851
-
Size
294KB
-
MD5
19b2c4ee9781e95ecd5db74de6fef0a9
-
SHA1
fd5f11a55b1d7be9afc06faa72b27d6d19706c17
-
SHA256
1d90edda9fc0271748934c0813b8946478823a33b5892d1be2ddf3d383fbc851
-
SHA512
ea137d3330c7fbdca25da29639447211fb36ca49f8e77f38b2b6428adae63ee097ce1564fd4edc0742b39c13854d868dc87f8f08bfa9b5698ad2149a7c1843ef
-
SSDEEP
6144:hTwlNlUt5IpFvjcFRh2/GpOZMNG5L3cYp8eesbZ6O0:QlUt5IpJMLp8J3N8eesbIO0
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
1e44c41d8d889c0d0e018128db620f95ba933996ae31dd11da4f5d407c764691
-
Size
390KB
-
MD5
1b39c696c7ebdec56e5bd5e819ff51c2
-
SHA1
13499e2a975747bbc7dfa629b93c79143980cb5e
-
SHA256
1e44c41d8d889c0d0e018128db620f95ba933996ae31dd11da4f5d407c764691
-
SHA512
bd4e865d924da4f2cbbb97f96cc5b31c88f4698fb5d4bc109e191336171aa87f64458960279732395e1ec47c4a10683809435612d9bce181f440a653ff2e3f8c
-
SSDEEP
6144:KKy+bnr+vp0yN90QEITqYImmruIrRHY6y0ZJJqB5bu9CVCyXyNRK2h7nSXO/:uMrry90mTImmiazSBJlwuXO/
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
1ed736973ca7eb70129cafb36c292298f34a8a710160e69aeec7ad93760ed83e
-
Size
514KB
-
MD5
1942d1d3d93833f0a1d4f5381ce33a23
-
SHA1
4056636db4625bb6b3fee03b4c1be992681affa9
-
SHA256
1ed736973ca7eb70129cafb36c292298f34a8a710160e69aeec7ad93760ed83e
-
SHA512
a9569c93345b4565b8e9bd30a1b09400eaba1ddeb3fbcf00d53563d1ba34d4d6f4f5bba9ffe6852ff699de66e8177eab35ffc771741fd9d528e6802726aa3a6c
-
SSDEEP
12288:SMrqy908fsn+JqW9WsGJPMj1kn4tBA6jmcRyqBq08:4yIEqwWsKmy4YikWJ8
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
559234fc528754d07d788aa5eff30aba166a9bab82e9eda45a9737647b0e9fe2
-
Size
390KB
-
MD5
1b4800daaaa7c169f68ec120ba2c3d92
-
SHA1
a70c58e128758611b3a359e6620c3a3e81bcf767
-
SHA256
559234fc528754d07d788aa5eff30aba166a9bab82e9eda45a9737647b0e9fe2
-
SHA512
da8bee5a9df9b4263d8b2b3feae9131e06a3f3e1d9e502da1996fdc6eb2190eaccfd5b6f0b338b0ba2723c6432878f8b5a017ec78dd2c2a52d357ab654fa82f4
-
SSDEEP
6144:K6y+bnr+np0yN90QEo05rDWFqSlrjVfhz4y7mqtimt3n5jkH3IQ:6Mrvy90m0kBBF4y7mqtpZUIQ
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
5a4570005d13d7c9c706dbdc0cc5ee5b8dfd33f7be6a6204a95d2134e3a483a4
-
Size
332KB
-
MD5
17c66b0d4e0365acb6ae8471066f11ee
-
SHA1
b110e57ad1e2c4d59709a733028dc9dc78244899
-
SHA256
5a4570005d13d7c9c706dbdc0cc5ee5b8dfd33f7be6a6204a95d2134e3a483a4
-
SHA512
9d7ff2c650cb283a0857707d8079f094c6d82dc0a483a01c6579fe902c7e19d5de64b2b72aa2a06402cdfda283911759013f3dae03a10ab723d851065cc75052
-
SSDEEP
6144:blZwB/LgLN340nTaDpOU7riHRkygh37YwmL6ewFKbTm1OazSI+0Xp:bnhLN340nTP+ygB7YwmuTE3mhw0Xp
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
61f1a776dcd13885a5979397d5b945e89d26cfcfe61e000ac89070e4a45bc562
-
Size
479KB
-
MD5
1b385dfef9c3683b4849ce42c7b6b5f3
-
SHA1
8aa540ad4ad25b905fdfadc3e351ba1c49e3e9b7
-
SHA256
61f1a776dcd13885a5979397d5b945e89d26cfcfe61e000ac89070e4a45bc562
-
SHA512
20e65a503be4341c386046a617c4875e006527eebd214299d971650a22c245450bfccd600d9fd9e2d0b6d1a9c5dd719037b2477452e29ddf4bdaaf20b83998b3
-
SSDEEP
12288:MMr2y90GYO4OtK8z1J6Rxt0wptqtOTy2A8xADCvc:qyGV8z1YRgOuUAkc
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
67045db9602c0bb02004555fcae5f1c816ba6ebea367c933be035b042c153501
-
Size
1.2MB
-
MD5
178421ab07fbeb11767d3bda7c24a4d4
-
SHA1
c2fda877254635b05fdda955b6a01651251ec00f
-
SHA256
67045db9602c0bb02004555fcae5f1c816ba6ebea367c933be035b042c153501
-
SHA512
0a48c98fe000cd134b9712e2c812bf92523500b99190b9fe82d4f9e02a05305cabf37daf24ef0feffc5a0bee08d8c7a766c87a29f724652e523c95ef22a58ba2
-
SSDEEP
24576:dyvPA4Sk2aRNRajD7T6B/M2+cjk3w3nz9KXwsvJO6ejg/vi6a:4H3SpaMmk2zk3GzglvoDA
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
6d684b37ca877d403cebced125fab4f36a37e290840da5678e0d43fd35796a5c
-
Size
359KB
-
MD5
18eaeff3ae40e541cbd0cdfdc2298885
-
SHA1
2fe4663c9d407d97bebcd035d901321dd1d9ef3e
-
SHA256
6d684b37ca877d403cebced125fab4f36a37e290840da5678e0d43fd35796a5c
-
SHA512
83c4ef016804df631b4169aac8ff88210d74017b8b19afa7e791bbf9e6c852de2ce64482ce6c29530b4557e75c40f84a827993b3d0f414a0d3306890652bfd16
-
SSDEEP
6144:Kmy+bnr+Lp0yN90QEjHCyMnb6yUchr1x18mlQVMhyoVAWgWMvmy:aMrzy905Ob79hdEmJYvmy
-
Detects Healer an antivirus disabler dropper
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
77cbabe9fe3b8b9ac3422f2b29fbcb0cdb9ee85c7b64b2bde48da25f6ef608cf
-
Size
1.2MB
-
MD5
185f86ba2e9a422cdbc2d5084d00f57f
-
SHA1
68d18b2eb55b0e52f3b60c8a29e297b4e2593418
-
SHA256
77cbabe9fe3b8b9ac3422f2b29fbcb0cdb9ee85c7b64b2bde48da25f6ef608cf
-
SHA512
ab31a0d8ca9d6258f0ac08e0e2fe036bcae54115eddc129760bcf8b43ea51e6f284d6fd533850233c753cfdb864826ea9758866e4b4c5dfdcef7df0137f49d73
-
SSDEEP
24576:2l1TeljsInpBxcyc40xvOGe2ELrnqDgZBJM:2nlInpBxcyc40UBfqDi/M
-
Suspicious use of SetThreadContext
-
-
-
Target
8a73bb4899be69e1a77d74c46f81ca29b85b5c67b642e09f9735dec87b8b4cc3
-
Size
478KB
-
MD5
197bdb6ab21ca786f3cb4bcbe996e12b
-
SHA1
a067fa595f44157386ca833d0728f75821b8712f
-
SHA256
8a73bb4899be69e1a77d74c46f81ca29b85b5c67b642e09f9735dec87b8b4cc3
-
SHA512
bbf0934029cfb446996c77a8eaa93bc9486c0f682ebef4b23ff4c11ae931239ec326fbb940760784d388bce9f2b098b1bdcbd274a4bbf1a5e3196c5c34cb29a6
-
SSDEEP
12288:tMrgy90l9GeSNya5c1u31FTGuKfuvXUG4KSiCT3:Jys9G2eXPTtvv73E
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488
-
Size
332KB
-
MD5
179e52553d0fb86da8b84cdef81b8394
-
SHA1
728405545c126f7e0ca2beee8b650e1f125192a9
-
SHA256
8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488
-
SHA512
4fc9150ce2b1bf507da3e0352c0338d31e47230fb3950dcf18a4ab761f73b76ddc3eb40d4fca6a8e071babcf8d7ec7540ab6dcda1f4c655559d25c566421d96b
-
SSDEEP
6144:RlZwB/LgLN340nTaDpOU7riHRkyghbiSLOboK16cN/LmEbQbq0h+0Xp:RnhLN340nTP+yg5iSCbv1T1bvD0Xp
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
b72cfb25178ac78d0dfae350873df231a1f4266a913f47acc5018b87cae84bdf
-
Size
514KB
-
MD5
1a923777979bd128a48a6763dc11d9e9
-
SHA1
49fedd0810c09f8ba69ec86fd6640b15d51b5e85
-
SHA256
b72cfb25178ac78d0dfae350873df231a1f4266a913f47acc5018b87cae84bdf
-
SHA512
590fdd6a3a9a3ca0acf772624b47eb40016390d484bf0a3e61eea2afb091b8387c29a24ec6e9113240281e4b4b380e060bec08a1d400ac7f92ad6c24f2927aa0
-
SSDEEP
12288:pMrdy90UCukTJyxW8iKhhYuEzBuu2wgmF2bq:MyxFkTJy5zP9bbq
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
c2ef692d84f694cd08e3238ae431c5636be2dc51342782c20a577eb05217557e
-
Size
493KB
-
MD5
1761d24d7f96a35e847190277919f80c
-
SHA1
18ea3a12a53ff44662b84b1d32f69f3500830a37
-
SHA256
c2ef692d84f694cd08e3238ae431c5636be2dc51342782c20a577eb05217557e
-
SHA512
e3c82cc5735f8a6db600d8d6c54445dfb32d2880bac7674e3a339ad3062b892715489f523242095f76214b2eeca027c36343e9e4af23ae362e14882245f4cfbf
-
SSDEEP
12288:M3LL2O80nTAiKyg82yeGz5uKIN1LGab5P6L4CvZ55s+KD0Xp:M3LA0nnzmLGkPxCR5v
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
c39106a3520b59f859a00bc0014f6b5a4846b40742a925b66283b31e62094c4e
-
Size
294KB
-
MD5
175e3db636d9fd541cc11991815ea662
-
SHA1
c5e30c78f298c1aa26768bc036795e19ed7e60d7
-
SHA256
c39106a3520b59f859a00bc0014f6b5a4846b40742a925b66283b31e62094c4e
-
SHA512
06b1bc8a9746e8dfd1a4d72e98b8b76a1f543ae0c72c9e0233dce81451d7521f586da373e69459170a8d9442da4883f8247cfb9714227744c765c892583ac5c9
-
SSDEEP
6144:CF/pvusFFxSzg1ksK43NvCoC9W8Fa/T9Hb5T2C8c:CF/pv5r1tK43NiW4ah
-
Detects Healer an antivirus disabler dropper
-
-
-
Target
ca6d56a637f121ee6406def5cf89663c3e54b2e175e98d4469fb3e3a46e190da
-
Size
925KB
-
MD5
182c7282a0ce3f4b3167518c8a2f9d66
-
SHA1
7277f55f22c18008840d4aa0c65721df2129d761
-
SHA256
ca6d56a637f121ee6406def5cf89663c3e54b2e175e98d4469fb3e3a46e190da
-
SHA512
57895e1fe2d89271097e920e8eeaccbeafc861fde18aa85cdac7cf716cebb332fe201e2821512be04a92c965894526c3f7bcb8d3d7b010909cc8318f95ce79a0
-
SSDEEP
24576:UylKFVXmbDRGB2xA30pIMporMtfc/FgIHs8:jEVGFGB2CkpIuPtfees
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
db14966ca75480a4e8f9f3d18c7bada2f205a1ac7404dbeda068279afa55b1cb
-
Size
274KB
-
MD5
17c694e79f6d36c7ddf2d0826847af9c
-
SHA1
4a9ede0f5efe78a4807230fa8dc0ae4d9e6fd9e8
-
SHA256
db14966ca75480a4e8f9f3d18c7bada2f205a1ac7404dbeda068279afa55b1cb
-
SHA512
bfe84a7d6a038df984e6d789c0169771a567488137d01b8df27b67706aca915fddb14d510dc9c654281b25a2e65cf5c57d009b16cd78a0170ee13dd70e12b363
-
SSDEEP
6144:SJhy0g57Kx1lgD0568wQ7tuMp2tHnAm9CMtM:SJhcx0568wbt
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
-
-
Target
e800205bb9a5d3866d735915080e828250891d7d9c930245afd8def35dd08dfd
-
Size
983KB
-
MD5
195bac3e181550a1749e52bd3abfa2e1
-
SHA1
4c44adf44e16bdb2d5891d0ca5534e25d8cd8811
-
SHA256
e800205bb9a5d3866d735915080e828250891d7d9c930245afd8def35dd08dfd
-
SHA512
7ac7714a302ee5d0a2592b1273fa20f3162a4c8e46519274b97bfed634a28fa461d19d212eb648b6c540bac10dc7d94b9651548d9d2bb3f58e39de1c4456a41b
-
SSDEEP
12288:xNJJwXdk+4w8ea9YVhYu48bk0/jLvzVbJmeMIulognDsexGeMcQh:xNJodk+4wv+YVhYu4r6LvJFsngve6
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
f8a2da44f9c18482323d9e1ed99567d3a35b95656bc1b023d86e12f305565c41
-
Size
515KB
-
MD5
1b6ca4b3887874447697d2dac0664cf5
-
SHA1
0b2ef46a6bd9883b04ecaf8ae6fc47df13e2f8f2
-
SHA256
f8a2da44f9c18482323d9e1ed99567d3a35b95656bc1b023d86e12f305565c41
-
SHA512
4435a0bfc90dd2574a28ce91d519a4566ff85413fb13b5c6690d2e868410abda41ebd05e4129f20fdfafb989d5f2bf424ef84234925ebb33123e0a434a4d6a5d
-
SSDEEP
12288:XMrfy90fa+YaQ3g3aNwmYu4neyzKmErzq93TU1cFdsJ:4y0a+YahqJYuGey2HAEJ
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3
-
Size
1.2MB
-
MD5
1a16ee68f1207233e67c2c808805a723
-
SHA1
e2867e17c5b2cf680cf121ecfd388dc4f9380035
-
SHA256
fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3
-
SHA512
7330de14cde4232c5020944b2a21f11bb9a238762b71e0947315bbb749a749c9d1b0500a03bd8722edc3f748fbf03d3045eb6e41e101e4340c207af9c24d40b0
-
SSDEEP
24576:7OG/5S/uUaFhBylaHU3TMzhIhH4aZGjpUwMHqsOL+QX:7OGfFhBylaHy8DsON
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1