General
Target: 93ec3d9dbde54019edcdc0040641d95e193e0e672579fbeecbdb99e1ae7db8f0
Size: 538KB
Sample: 241030-1wq32asclp
MD5: 0746b3583a25774e62b81755942afb02
SHA1: 8fecfe529d7fa7faff2bd77b7dd52b21d4a5bfff
SHA256: 93ec3d9dbde54019edcdc0040641d95e193e0e672579fbeecbdb99e1ae7db8f0
SHA512: 213dd8614db383269624ffd2d588fd770553e8e4854fc261b09778ccb997456dfa351b32c731a692e05c409c1c04c1530cb9c623808d268af8f80c875c0c7498
SSDEEP: 12288:bMrGy90Vb9S+ZhEhQrWZi9azYix+I4+d6o7gDM7eoAW:hy2TZhE/iQzYy3oCCO
Static task: static1
Behavioral task: behavioral1
Sample: 93ec3d9dbde54019edcdc0040641d95e193e0e672579fbeecbdb99e1ae7db8f0.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)