General
-
Target
red1.zip
-
Size
8.2MB
-
Sample
240510-r71l6see94
-
MD5
45d677466232633242693b3722013ca9
-
SHA1
9f01f4e83a41f4d7ff833c68f2674dab9081658c
-
SHA256
9bf42d30009d4ddad615b803ba623f0520c82c23439142288ce711002d7b3292
-
SHA512
5a94b7eae0600e5877cdc0516b7fccfc1ab43dc634cfc949e6ca0287c8ddeb10da9c5daa6216f74b6e6691fafb783aabe1a81f0d17cad721d44d17457e88b31a
-
SSDEEP
196608:7fLgqoLQbbFyYgoqmwbih9B0EtuAEfcDTK40LkO2:3roLwbFyYgoYSrtf5
Malware Config
Extracted
amadey
3.86
http://77.91.68.61
http://5.42.92.67
-
install_dir
925e7e99c5
-
install_file
pdates.exe
-
strings_key
ada76b8b0e1f6892ee93c20ab8946117
-
url_paths
/rock/index.php
Extracted
redline
lande
77.91.124.84:19071
-
auth_value
9fa41701c47df37786234f3373f21208
Extracted
redline
@nmrzv88
147.45.47.93:80
Extracted
redline
@qwerabuse
45.15.156.167:80
Extracted
redline
5345987420
https://pastebin.com/raw/KE5Mft0T
Extracted
redline
5637482599
https://pastebin.com/raw/NgsUAPya
Extracted
redline
papik
77.91.124.156:19071
-
auth_value
325a615d8be5db8e2f7a4c2448fdac3a
Extracted
redline
diza
185.161.248.37:4138
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Extracted
redline
lamp
77.91.68.56:19071
-
auth_value
ee1df63bcdbe3de70f52810d94eaff7d
Extracted
redline
dumud
217.196.96.101:4132
-
auth_value
3e18d4b90418aa3e78d8822e87c62f5c
Extracted
amadey
3.85
http://77.91.68.3
-
install_dir
3ec1f323b5
-
install_file
danke.exe
-
strings_key
827021be90f1e85ab27949ea7e9347e8
-
url_paths
/home/love/index.php
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Extracted
redline
mihan
217.196.96.101:4132
-
auth_value
9a6a8fdae02ed7caa0a49a6ddc6d4520
Extracted
lumma
https://plasterdaughejsijuk.shop/api
https://productivelookewr.shop/api
https://tolerateilusidjukl.shop/api
https://shatterbreathepsw.shop/api
https://shortsvelventysjo.shop/api
https://incredibleextedwj.shop/api
https://alcojoldwograpciw.shop/api
https://liabilitynighstjsko.shop/api
https://demonstationfukewko.shop/api
Extracted
redline
5195552529
https://pastebin.com/raw/NgsUAPya
Targets
-
-
Target
0f6ce02639d4d4caede8c3432a529ff995f9d50cbfec335bbe9dc19b8f5c9ddf
-
Size
390KB
-
MD5
fbe11448c95eb3d859b67811a5027ccd
-
SHA1
f3ad51fdea8d704a2ac80be6fdf81bc1fd99e72b
-
SHA256
0f6ce02639d4d4caede8c3432a529ff995f9d50cbfec335bbe9dc19b8f5c9ddf
-
SHA512
a048298718fd19a810bbffdd73e39027c1458f085cd3ebca042ce8470979c1b5830d1e4f16f7fc3ccc96dd546f78d850c90c3493887cca66e0ecaa4c34f911c4
-
SSDEEP
6144:Kny+bnr+Wp0yN90QEa35FPZiqimkWn7ZNjQBLvam3+eYNKV5HJuZMBrCFXkK9xMH:hMr+y90s37PZq+k+v4fJAMdgXACDYv
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
17dbf09aca5536c41f48cdee19e90cc995aeb0b0973ec6bca572f03b1ead46d0
-
Size
332KB
-
MD5
d67ab3cb264ae5190625cb455a83d79f
-
SHA1
234b6c25d1d8768e4b3753c93b4cf54bb5ccd7d1
-
SHA256
17dbf09aca5536c41f48cdee19e90cc995aeb0b0973ec6bca572f03b1ead46d0
-
SHA512
9c75563fa91765b4aec47385a9f7bc17b5d779285ec9b9c7c39fed5e0335a4baffa2133e444b47d9535c449d09506c9ca0ecf4e9de62a10c977691815b338099
-
SSDEEP
6144:C3TwjHHEJ9B4S9re5BAYhePRmygho+ASr/FvRbsW0fRaSZ+0Xp:CDrJ9B4S9rPiygO+ASBRZk1s0Xp
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
1b624e343d222ec9333b85d3af29b913b42ba3196fcb192f618e87ec4afa8855
-
Size
389KB
-
MD5
fd521013454248e86a636512dbe3d338
-
SHA1
2c2b97dee16c2d7ced7d76ce594e03270ecb9e8d
-
SHA256
1b624e343d222ec9333b85d3af29b913b42ba3196fcb192f618e87ec4afa8855
-
SHA512
24d919b6d86e34a0cf3c2d5890af0109e95cbc65d05b9647895fc3db2cb4d9a8fc340a19b97bc1c66eb74d596f183a274ee868717e3166157385e4a3132b03be
-
SSDEEP
6144:KCy+bnr+Sp0yN90QEnJi2omMch2DFto8CKsEIxqySgBZ+t4eDCpUDozUP:+Mrey90NJ7omMFFt+KiAgBYCe2pkozo
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
2faa75c50b323133e8cbf507e6a3a4846097090d2e2c1a5afb174f798ee42a6d
-
Size
1.2MB
-
MD5
fb2fec42f81a255012c589b29e4f086e
-
SHA1
99110b60ce21039ed15f571a46159ed2409d2ead
-
SHA256
2faa75c50b323133e8cbf507e6a3a4846097090d2e2c1a5afb174f798ee42a6d
-
SHA512
0c36b9af63f1e1aef4cd1146c9b99902fcc8ca3bd61228b163336f10085170ae31889dc1837ca0b1c547818e4bf4b60450ff1b7599b324ac22bae8290fd5e3da
-
SSDEEP
24576:EXixqeljPl1pVbGqvHnoPa+YioUMMn/NNT2CPQ6:EyTl1pVbGqsuM/L
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-
-
-
Target
4be1f370e880d06da141a2c9957de478c40592a3abf6312aa8c2ef401a37d36b
-
Size
306KB
-
MD5
d41a5cd7a3a7870992cfd75c5eff1637
-
SHA1
8365910e5f8fff802cd8d928351270432128abaa
-
SHA256
4be1f370e880d06da141a2c9957de478c40592a3abf6312aa8c2ef401a37d36b
-
SHA512
893c73fe37c917bf3c8557c1344e03daef3d1264a0296847fbd5e667e0070b6c920a58f709ec96bb2c1afd22a485d366479f57911eb5073e4c77e6f43243604e
-
SSDEEP
6144:vBZd9vSWh60RVAtljy11yiI8iz2jaYO9eGoW/JyL985:JZiWhHE4i6qfRyL985
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
576cad65a899197ae35e757e578a7c10c29e57c266d1fa4931c6f98f3d2e3a60
-
Size
309KB
-
MD5
d3bf3e3b405c7e061c537049b66ab8bf
-
SHA1
95c95f994c58ed18058aed197472e2847ccd6e91
-
SHA256
576cad65a899197ae35e757e578a7c10c29e57c266d1fa4931c6f98f3d2e3a60
-
SHA512
9d2cc83a1a32c3b6195373ebb251f972bb6635d8b891fe29fb3b7fcce1a7d2bc821c76d39e00f5be6d235186afa005e53a9a502474ecb7d0275e62162e297ed0
-
SSDEEP
6144:KAy+bnr+wp0yN90QEj5F5OYc1u31g4TByCkUMPHSage8pG3zd2:cMrUy90Hxc1u31TTEC3Dp0J2
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
6aa8d5d0d6b96fe2a165ee46c9e31059a444b4fae6660eee669539f88bf869df
-
Size
308KB
-
MD5
d5f61fc6a8c52e0a93619aa88abf0823
-
SHA1
e8ab904b74f798424102a1739f810f09f1987d60
-
SHA256
6aa8d5d0d6b96fe2a165ee46c9e31059a444b4fae6660eee669539f88bf869df
-
SHA512
3b5a5f2a02c8788cb4e7245073766e30d3bbb4cb635ae648502d80ceed32a876b0103bc90ecc4fb1749f84d354cc3ba91034aad95f3fd1ea82fe12eca0b6b85f
-
SSDEEP
6144:K0y+bnr+jp0yN90QE3lEY+zbPsn4Jkb2LPrKRc57uiL4P7:MMrby901b+zYebLPrKG5fL8
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069
-
Size
527KB
-
MD5
e37cabc57eb01eeee18f0fe54dbf50ed
-
SHA1
2d8fb6568c8b5bee977bf86c45295ec17943e1ae
-
SHA256
6eeb3d69d9979df74b9c482de2344395f5470b94f07494b4a4dd74fb5d286069
-
SHA512
115cc30d1e2c0ac66ed22908e2f433209d318b79b58e2df5b2b2e44b3890208c87abe5147d21009b3f5362f7bca79324ae1c44d916232981813fdd2e8c89314a
-
SSDEEP
12288:HZIeNiEvQJt6ygIYBz0birVU2fROWON90Xp:HZIsvQwzHHh1
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
77b8709187b6802be16e005b1139331349304c04ecd4e741e8609229f0134806
-
Size
1.2MB
-
MD5
d1e1389d7394ab7fd98f90373af3c315
-
SHA1
b64dc6b0be03d27fc358ce333fbdf56eab28447b
-
SHA256
77b8709187b6802be16e005b1139331349304c04ecd4e741e8609229f0134806
-
SHA512
0399874bcd6c22dbc7813a0284bed230d3c9bf6100e47b3674d4e623608da032b2583c78e0292b7d5344e0d0841074d69f55a1682946fa04b164ef944c6bde9f
-
SSDEEP
24576:jqhdhAS3onZANlQWEwhv8Pu7CRydP3B0IyIV62:jgponZANlQWEwSyCRydP3qI1V62
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of SetThreadContext
-
-
-
Target
7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb
-
Size
332KB
-
MD5
d84439daf93489d765085cc2f32f6cc5
-
SHA1
0590cf46425d0e6872b91aacfa9ee77ba360910e
-
SHA256
7f4e22792482af87ecb52079082a4c33f24544a6b37c4e5da40ac1ac7f9ca3bb
-
SHA512
8640f95d913066e653a3014e40dc283667e4b8ab09f8494b87f99371632cb3910e7cda9850c10d974a6ae336e750d68ac0154fe124bd88d2c5bcd1d87dc39c22
-
SSDEEP
6144:UFpwxf1gbCn4EXza9J+0rrCJJRgyghmqL7D1XkA59Kje+0Xp:UXbbCn4EXzt5oyggqLV0R30Xp
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
8a870280a0dc165cadf46427c4e47c56d3fa42aa2cf823a54358bf48f5102435
-
Size
332KB
-
MD5
f98aa564c242bfb196410e0790d86bec
-
SHA1
c882a94a6303f80aca544fad54502ae09289d107
-
SHA256
8a870280a0dc165cadf46427c4e47c56d3fa42aa2cf823a54358bf48f5102435
-
SHA512
695ccefb3486c9a1e04eafa38f9a58b66360b0529dcaec4b73925985220be1f244b19ce59a22cd0f179245380d87bd2e3bb3f5aa394b61fede1a80f756dc2fbd
-
SSDEEP
6144:03TwjHHEJ9B4S9re5BAYhePRmygh6BSJ/Yt7wuo1+Wjnhx+0Xp:0DrJ9B4S9rPiygcBO/q++6U0Xp
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
8db6f544940545b4e7f0eef92bc68e65f5e9efd3707f33b7e5594777d56ed71f
-
Size
517KB
-
MD5
d41f1c7e31301333d4566921fa2e746c
-
SHA1
96f01a64517b81d61603d8d63d0a541c46989f11
-
SHA256
8db6f544940545b4e7f0eef92bc68e65f5e9efd3707f33b7e5594777d56ed71f
-
SHA512
49b5db3895973f5a63fa5a08d047f9a9b14b82352cb65a5a87c7be12be1797a159276c75dcc16fc61a4c4dba545ca4cb29772a8a4e07f086a47367ca2d5718dc
-
SSDEEP
12288:WMrPy90Mk+nx9EIMXo6ST4w8kur2PMHtpq01YsEc:Zy/vvDMXo34w812P6ash
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
b21367ffaa0009b30055944fc1052857ec46336d5bfe2efd3dab109667a56fef
-
Size
1.0MB
-
MD5
fcec5bd6e991dabef70f77e08e42bccd
-
SHA1
3ae3b13a9757d327ed4227102d5b0b54712f19d4
-
SHA256
b21367ffaa0009b30055944fc1052857ec46336d5bfe2efd3dab109667a56fef
-
SHA512
59a2d1cc2576e55beff18f52573b6ac7baae8839dbbf536d5126f88d873375ebb9bb287606021e9c3c14533b004bde6bc3e28511fa646ef65cafabe6fdd4573b
-
SSDEEP
24576:PyvzwYJvJY4834KiT25Y/fUlpyY4yWvHIPnpAOD6FA7dZJ7Rj:arwamDIn2i38WPIpDzR
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
b62068be50129166f539eb32a63746c4245a497e9b72553efdf326582cc5f4da
-
Size
922KB
-
MD5
d86f13a3db074ef7115f9b305cdf356d
-
SHA1
d0f7e04a160f577a0fc1f2855d4b2a75705f6a15
-
SHA256
b62068be50129166f539eb32a63746c4245a497e9b72553efdf326582cc5f4da
-
SHA512
95d1cf4a6a8fc9aa0fcb81bacd78051ef8d06a27bca3e27053283006d9052e6a6329fb0cb5625c6cd9298760d379d043ae18dfbf9c55be002a23f8b7a33107b6
-
SSDEEP
24576:ayCGAwe+RYdJNjQiVFX9ZD9I21pB3C8MMdMxeoG:hCUe+R4JNUilZDH/3MkMxF
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
be5114d10db820426670fbbb41db92b8671a5f55a0b396e2d54b44606067a6f3
-
Size
307KB
-
MD5
851a5f99a016bd43c7a70531d0676684
-
SHA1
d079d1c95a771f7b293d4936e046f144599191f6
-
SHA256
be5114d10db820426670fbbb41db92b8671a5f55a0b396e2d54b44606067a6f3
-
SHA512
3205df87162fa5c10064d9361c78e7c07582c7da1d7f327e74d3758f477c585e5899e3b82b2a654307d295490f39e39b4d04fb25c27c1cc27f932380a2f4d361
-
SSDEEP
6144:KFy+bnr+Yp0yN90QEIwSAlqDfNUkP85+kon5P8l:jMrUy90BrtW85+Tql
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
d191282ff466919a5feb6c8682f696332eded6dd8747d336fe16593c6ea96f7a
-
Size
390KB
-
MD5
fc8a749534902b784a021ba891b2de71
-
SHA1
824c3750ef168c3eab90a5761864157f47ec971c
-
SHA256
d191282ff466919a5feb6c8682f696332eded6dd8747d336fe16593c6ea96f7a
-
SHA512
26c9096fccc01a9c74f1a380a9d4052843711502d5da32d4a3c371f98b7abb3abf7905e08c94c4f8c717949950d0320cb3457cb615b9b6e085cbe8cf070e2769
-
SSDEEP
6144:K7y+bnr+7p0yN90QE++Xq2qkWcnZNbQR5mbZvdLFhJauS7BfbCcHnlRHGb4kXyG:hMrry907a2RdL3AuWOcHnl9z0+Ei
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
de9167b7720db28dc71aba69c32792f2bcfef4425545478b6b641677be8a0391
-
Size
309KB
-
MD5
fdf9a7c0cae94329d226d32d7d91f498
-
SHA1
ac8b5a5a564bcd9aff895a5d98d1bda40679c691
-
SHA256
de9167b7720db28dc71aba69c32792f2bcfef4425545478b6b641677be8a0391
-
SHA512
976121688ed988b8bf81d0499ae262a78b3d837318566044a8893285b09eb10f117f0de6535c05120379f108388a83205fb00c428ef69e0c8eb6a5030342de8d
-
SSDEEP
6144:Key+bnr+5p0yN90QEX5F5OYc1u31g4TByzCZJEXbeqEzaILim:aMr1y90Hxc1u31TTEzCZWXbBsv
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
f6dc0b4c65662a9753e54800489b07d9f5a6a4c896a61d93f3a1a3e28d5bc9d6
-
Size
390KB
-
MD5
d34cfe3583bc421f5644a1fd7ed61f53
-
SHA1
75ccaf032237a6b8a392fa4ab52577030f805e1c
-
SHA256
f6dc0b4c65662a9753e54800489b07d9f5a6a4c896a61d93f3a1a3e28d5bc9d6
-
SHA512
b608a0e2a670766d3530911938ced2d288a559ba109bf992799e4e0e98ddcb7c13ddef2ec0e2bcc9648839b65d519850a1da431ef1728078bb57af8d013b838d
-
SSDEEP
6144:KAy+bnr+ip0yN90QEOZrg/uOH+aqFJOhbEM7bSnjHwVCcHnlRHVVE/iRzFmp:kMrCy908ZrgWBa25njHhcHnl9Yqmp
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
f85eca1ce903e035e1355a0ec74636f6d825aeaf8efa5c98472b6acad6536365
-
Size
332KB
-
MD5
e42fda1a40844c8de37c2dc02f66aac3
-
SHA1
ff0598ce5e85269d0e2a1642d7e3a2a40f4c1f5b
-
SHA256
f85eca1ce903e035e1355a0ec74636f6d825aeaf8efa5c98472b6acad6536365
-
SHA512
1fdfaeb2066300ba2f83fa6aaff400f9661052ca7e31917f003fcfd8a1cbbbc604b874f554370b5e49f061de34c8782122029301261d0fff6742c2026546da8d
-
SSDEEP
6144:G37wrn1UxfeUoqlrmVfhIIpe/Raygh4zekZYFnAGmCKjwoNlhMeC0FiXeU+0Xp:GrRxfeUoqlrmYOyguzexeCdoNlhMRXei
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
f8dfa98c4e38deff7955c243f9db7b01692e43c0997eca9e5e141cc565cf05be
-
Size
908KB
-
MD5
e4759911e541d7a543ea033b0928ddf4
-
SHA1
e39c427a6cf47b16cddabfd2c7fb00038e1dbe1f
-
SHA256
f8dfa98c4e38deff7955c243f9db7b01692e43c0997eca9e5e141cc565cf05be
-
SHA512
7760d634d8a8b0a2e2c9847c4c367589607de2d7ac43112830289dbf3585902dd0f824ebfcab04040f701afa6b86884824aed2f032e6c09714ac8575b7bf9e42
-
SSDEEP
24576:JymRvMfvH6jv/02RcWIfpZCzHKXYSvbx3ejLORx:8GMfPQc25Ifv+qHv9uW
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
10Windows Service
10Boot or Logon Autostart Execution
12Registry Run Keys / Startup Folder
12Scheduled Task/Job
5Privilege Escalation
Create or Modify System Process
10Windows Service
10Boot or Logon Autostart Execution
12Registry Run Keys / Startup Folder
12Scheduled Task/Job
5