General
- Target: 428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4
- Size: 1.2MB
- Sample: 240817-y4nlrsxenq
- MD5: 1b770e134595e88e7bfe52bd21910268
- SHA1: cddfeff7348a043e63409c5152cba012c4bb447e
- SHA256: 428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4
- SHA512: 0a84caa7276dfdbecdd5e34269a5bc19462bf471d153cd23c7ea972194329612fa60fc9a0076610ace8389b6f3d7c09dc8325e778a46b26de3437584d8483745
- SSDEEP: 24576:o74cr0oaB4zPAqgNC6m38vyLFYlwnlEjhfUiLe6eWyFQG:m4crJyzqgN23gqF+G1h6ebQG
Static task: static1
Behavioral task: behavioral1
- Sample: 428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted
- Family: redline
- Botnet: petin
- C2: 77.91.124.82:19071
- auth_value: f6cf7a48c0291d1ef5a3440429827d6d
Targets
- Target: 428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4
- Size: 1.2MB
- MD5: 1b770e134595e88e7bfe52bd21910268
- SHA1: cddfeff7348a043e63409c5152cba012c4bb447e
- SHA256: 428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4
- SHA512: 0a84caa7276dfdbecdd5e34269a5bc19462bf471d153cd23c7ea972194329612fa60fc9a0076610ace8389b6f3d7c09dc8325e778a46b26de3437584d8483745
- SSDEEP: 24576:o74cr0oaB4zPAqgNC6m38vyLFYlwnlEjhfUiLe6eWyFQG:m4crJyzqgN23gqF+G1h6ebQG
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)