General
-
Target
5d84bb021a02d7c9c5b71fef2bd28923bd353da8c4083dd92ef5e8511594216c
-
Size
481KB
-
Sample
241104-qq67ys1bml
-
MD5
d791956f6d34e425375da78607683460
-
SHA1
4df50a8f1a28ddb1ffae20919ddf432df6ab62a5
-
SHA256
5d84bb021a02d7c9c5b71fef2bd28923bd353da8c4083dd92ef5e8511594216c
-
SHA512
fa92f3af1accdcdc1c1a5027b46e18415740d02e31f8b1d330dfdb8bf203149b32d95198c9c2c8a846f3f47bb51f5fa65f1ec7e2bfd4107264357650f3fadf31
-
SSDEEP
12288:7MrFy906Dl0RA5c1u31CTqKnEalxyTwP8c3u:uyp0IXUTJ5lxyT28Gu
Static task
static1
Behavioral task
behavioral1
Sample
5d84bb021a02d7c9c5b71fef2bd28923bd353da8c4083dd92ef5e8511594216c.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
misfa
217.196.96.101:4132
-
auth_value
be2e6d9f1a5e54a81340947b20e561c1
Targets
-
-
Target
5d84bb021a02d7c9c5b71fef2bd28923bd353da8c4083dd92ef5e8511594216c
-
Size
481KB
-
MD5
d791956f6d34e425375da78607683460
-
SHA1
4df50a8f1a28ddb1ffae20919ddf432df6ab62a5
-
SHA256
5d84bb021a02d7c9c5b71fef2bd28923bd353da8c4083dd92ef5e8511594216c
-
SHA512
fa92f3af1accdcdc1c1a5027b46e18415740d02e31f8b1d330dfdb8bf203149b32d95198c9c2c8a846f3f47bb51f5fa65f1ec7e2bfd4107264357650f3fadf31
-
SSDEEP
12288:7MrFy906Dl0RA5c1u31CTqKnEalxyTwP8c3u:uyp0IXUTJ5lxyT28Gu
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1