General
Target: 14b690f25b5f16e7abd8a92e241e2d4ed176b53c1269afd854c3d3bbf6812150
Size: 1.0MB
Sample: 241104-qs9qvszgkb
MD5: fae4d57cc7d87f74415914001edc5b68
SHA1: bb509c48a27af9323294797cf25eef291a257a6b
SHA256: 14b690f25b5f16e7abd8a92e241e2d4ed176b53c1269afd854c3d3bbf6812150
SHA512: 94e37a98ba13c5076c26df430653159270ac9927019631014067851e18a9553d93f17e2549d4311c4fb7b9da1641dec718ce88158a25c63e937735b2b6d8ccb2
SSDEEP: 12288:NMrry90QD3hBd+J9EZx65kgL34SEr0NHHd7eS3qZclysEosOHBA5fbDjTZok6Fh5:CyHDRB8Jax6Sg74bTJBDjFm2blFoZ
Static task: static1
Behavioral task: behavioral1
Sample: 14b690f25b5f16e7abd8a92e241e2d4ed176b53c1269afd854c3d3bbf6812150.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
Target: 14b690f25b5f16e7abd8a92e241e2d4ed176b53c1269afd854c3d3bbf6812150
Size: 1.0MB
MD5: fae4d57cc7d87f74415914001edc5b68
SHA1: bb509c48a27af9323294797cf25eef291a257a6b
SHA256: 14b690f25b5f16e7abd8a92e241e2d4ed176b53c1269afd854c3d3bbf6812150
SHA512: 94e37a98ba13c5076c26df430653159270ac9927019631014067851e18a9553d93f17e2549d4311c4fb7b9da1641dec718ce88158a25c63e937735b2b6d8ccb2
SSDEEP: 12288:NMrry90QD3hBd+J9EZx65kgL34SEr0NHHd7eS3qZclysEosOHBA5fbDjTZok6Fh5:CyHDRB8Jax6Sg74bTJBDjFm2blFoZ
Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)