General
-
Target
9af4825cb7e0c49d9bd032faabb0568f924303ad5dff05e94399e2137eb811d7
-
Size
821KB
-
Sample
241104-qtdptazkgv
-
MD5
2ec0cc03412324be47c5d88d97133451
-
SHA1
6506cf125e9a8b56e79c4a950fd331c02e05656b
-
SHA256
9af4825cb7e0c49d9bd032faabb0568f924303ad5dff05e94399e2137eb811d7
-
SHA512
0e658596d8e1a96be9c408c1960967ee71516ce10d689da6c7dd9f825ad8d5820f6a301e77841be55bb955b910067a7e7db153197cc0710e1cccb0a0466bdaeb
-
SSDEEP
12288:MMrdy90H7ChlUGmtI29aWAnhJqZwuP5ixn8/2uZivep2jgZo4TrB02Fl5r7t:JysGt2oGwuP5iFOZWe2cZo4fB0oP7t
Static task
static1
Behavioral task
behavioral1
Sample
9af4825cb7e0c49d9bd032faabb0568f924303ad5dff05e94399e2137eb811d7.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
dubna
193.233.20.11:4131
-
auth_value
f324b1269094b7462e56bab025f032f4
Targets
-
-
Target
9af4825cb7e0c49d9bd032faabb0568f924303ad5dff05e94399e2137eb811d7
-
Size
821KB
-
MD5
2ec0cc03412324be47c5d88d97133451
-
SHA1
6506cf125e9a8b56e79c4a950fd331c02e05656b
-
SHA256
9af4825cb7e0c49d9bd032faabb0568f924303ad5dff05e94399e2137eb811d7
-
SHA512
0e658596d8e1a96be9c408c1960967ee71516ce10d689da6c7dd9f825ad8d5820f6a301e77841be55bb955b910067a7e7db153197cc0710e1cccb0a0466bdaeb
-
SSDEEP
12288:MMrdy90H7ChlUGmtI29aWAnhJqZwuP5ixn8/2uZivep2jgZo4TrB02Fl5r7t:JysGt2oGwuP5iFOZWe2cZo4fB0oP7t
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1