General
Target: bb91cd185fa1995a13afc5a05e3d64f7701372887f75162d74d5da1535e179b1
Size: 835KB
Sample: 241104-qr6ykszgjb
MD5: 2ebaf2f39e4fc390934aa07e7b761522
SHA1: 793fd95d12a56258dc31defd5863129265f23073
SHA256: bb91cd185fa1995a13afc5a05e3d64f7701372887f75162d74d5da1535e179b1
SHA512: e224e29974aca149ee97db9778282d1ea04faa9aa27fa8a7f91a6c4713965d114367de0605fd058cb3cc739aecab7716f444cde1364c21ca1e8d298ca3b714ae
SSDEEP: 12288:WMrny90zwpuVJsldRik/ax4tQlazQnaNKee5hb0Hd3Im9n7O7uJJsVK+Ft+Q1j0d:JyMlJ6le9aN2v0HhIm9n72OsAat10b
Static task: static1
Behavioral task: behavioral1
Sample: bb91cd185fa1995a13afc5a05e3d64f7701372887f75162d74d5da1535e179b1.exe
Resource: win10v2004-20241007-en
Malware Config (extracted)
Family: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
Target: bb91cd185fa1995a13afc5a05e3d64f7701372887f75162d74d5da1535e179b1
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)