General
- Target: 3d31c7cea7141cddd563fa788c4783cdc053a55eaff417f25664c8e06423540a
- Size: 478KB
- Sample: 241104-121vesybrc
- MD5: 84e74956da64496c4adad1d7ba037582
- SHA1: 2ed243999bae724e16032c0f75e29eee2fd43045
- SHA256: 3d31c7cea7141cddd563fa788c4783cdc053a55eaff417f25664c8e06423540a
- SHA512: a34223a60a38afd2b925cfc6bbe06d1b325fd5d5f076c516e9091161a53c3af5889a7f146c55b53dd5be569013835647782e67f6dee70747a797e07a128a2e4c
- SSDEEP: 12288:VMrEy9090whe+8Ft5c1u319TmnEGeq72Wbc7tbg:Ny3whlQzXrTach0
Static task: static1
Behavioral task: behavioral1
- Sample: 3d31c7cea7141cddd563fa788c4783cdc053a55eaff417f25664c8e06423540a.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: ditro
- C2: 217.196.96.101:4132
- auth_value: 8f24ed370a9b24aa28d3d634ea57912e
Targets
- Target: 3d31c7cea7141cddd563fa788c4783cdc053a55eaff417f25664c8e06423540a (hashes as listed under General above)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)