General
Target: 31279d39409182e3e4fb50b9399866a9369adf46de69601c889cbff9df3e2ca9
Size: 690KB
Sample: 241104-qql7sazfqe
MD5: b81e6329c67b66fc02826bb86b936c4e
SHA1: 41a4a27cdc7da727965fa19521a4317b1d27e8bc
SHA256: 31279d39409182e3e4fb50b9399866a9369adf46de69601c889cbff9df3e2ca9
SHA512: e1efdbac616b22d4f9bcf19d8a2e504b5123f1d344a7a4837bdaf5d0ba38bebc48ccfc4ac736c902880095e2dc5705374e4e6606860bc717cbe3a982a5b6f9c8
SSDEEP: 12288:XMA1XlYcsasrYwYVQ7UsioJ8ijdV/EPUsWqunPfEzWfdkfvR1d/tXmwH:XM03s6w5UsPjD//sWqofEifG75tXvH
Static task: static1
Behavioral task: behavioral1
  Sample: 31279d39409182e3e4fb50b9399866a9369adf46de69601c889cbff9df3e2ca9.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 31279d39409182e3e4fb50b9399866a9369adf46de69601c889cbff9df3e2ca9.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
Target: 31279d39409182e3e4fb50b9399866a9369adf46de69601c889cbff9df3e2ca9
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)