General
Target: 0ed9262d06bc389c81233543bd377c038c7aa5b3626cae439e6f3d9225f9483d
Size: 1.5MB
Sample: 241104-qq11yazkdy
MD5: 0057d24fb397126fb1f15370ec1da35f
SHA1: 97a82b5bac9d2a8c4e7960297fb11e04c724e43d
SHA256: 0ed9262d06bc389c81233543bd377c038c7aa5b3626cae439e6f3d9225f9483d
SHA512: a69649ac5d199d71c5f9fd8d3c6378df6aa5af1249afcebaeea72a45d6d41ff217df9d786beed48788ffb9609e6d9f41e04918410a174b4f854018ebe122624a
SSDEEP: 24576:tySllzVNEwZofP+D9UfTgIFYqiQUgCxJ6QiDAfq95gPRlnphg4Z:I4hXEdP+yiVgBDrTgTnphg4

Static task: static1
Behavioral task: behavioral1
Sample: 0ed9262d06bc389c81233543bd377c038c7aa5b3626cae439e6f3d9225f9483d.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
mazda
217.196.96.56:4138
auth_value: 3d2870537d84a4c6d7aeecd002871c51
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)