General
Target: 304803e5d6df565e029d25e604b007721d002348a6702067648718d0e5484d25
Size: 1.4MB
Sample: 241104-qrrtna1bnk
MD5: bbf24d5445fad8476bd1bae77f1bd449
SHA1: edc5eb3a5cbafa3ea45d6cfcb00ed770ad212193
SHA256: 304803e5d6df565e029d25e604b007721d002348a6702067648718d0e5484d25
SHA512: e4dffd2dc4a6b1d60f579297846f9470c09608c6cc451ba66131394c317b9ed4f65b5c9ca9364bcfd88ce39368a93755179ec31bba42cc68853874b700d72e3c
SSDEEP: 24576:rywAUnOpItG/wN31z+PVueJdJjAysjfTPaMNd6twMiuAN6P4OCtBbNXH0HAESHNE:eOOv/a31zUdJc6vavbxoStEl
Static task: static1
Behavioral task: behavioral1
Sample: 304803e5d6df565e029d25e604b007721d002348a6702067648718d0e5484d25.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
maxbi
185.161.248.73:4164
auth_value: 6aa7dba884fe45693dfa04c91440daef
Targets
Target: 304803e5d6df565e029d25e604b007721d002348a6702067648718d0e5484d25 (1.4MB; hashes as listed under General above)
Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)