General
-
Target
77fda6047aa2ee062e16f5d64c7d7b400e8e6c57cc52f4a08a1092a802ca119f
-
Size
851KB
-
Sample
241104-qmryvssqdm
-
MD5
b5400b3c5afbec5b7ec646aadde072c1
-
SHA1
4d92db7b95b7edec5b9682728d4356371c985640
-
SHA256
77fda6047aa2ee062e16f5d64c7d7b400e8e6c57cc52f4a08a1092a802ca119f
-
SHA512
7e7251693c19422796e44f7c4786c1152bf00f8244bfaf86049801890047407446c46ae392c227157f0629978447e48cfddc75a254ab00b582beebee3ccbca60
-
SSDEEP
12288:LMrKy90TuBlHc/XwzmOlpDZQB25Na1MWRx3zVXPgewpPGgEwExQkVUt1oEodnihI:JyUQI6pDGsYR7YewBDEwEykVUtH+d
Static task
static1
Behavioral task
behavioral1
Sample
77fda6047aa2ee062e16f5d64c7d7b400e8e6c57cc52f4a08a1092a802ca119f.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Targets
-
-
Target
77fda6047aa2ee062e16f5d64c7d7b400e8e6c57cc52f4a08a1092a802ca119f
-
Size
851KB
-
MD5
b5400b3c5afbec5b7ec646aadde072c1
-
SHA1
4d92db7b95b7edec5b9682728d4356371c985640
-
SHA256
77fda6047aa2ee062e16f5d64c7d7b400e8e6c57cc52f4a08a1092a802ca119f
-
SHA512
7e7251693c19422796e44f7c4786c1152bf00f8244bfaf86049801890047407446c46ae392c227157f0629978447e48cfddc75a254ab00b582beebee3ccbca60
-
SSDEEP
12288:LMrKy90TuBlHc/XwzmOlpDZQB25Na1MWRx3zVXPgewpPGgEwExQkVUt1oEodnihI:JyUQI6pDGsYR7YewBDEwEykVUtH+d
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1