General
Target: 42378106d8898c174587e89fb5b639b671187b7f30068e7fafe84533d58281dd
Size: 1.0MB
Sample: 241104-qv7dhszlaz
MD5: e655f4cc352a6dbd3523496f7572f46a
SHA1: 40d5508b323117cebc0754330e7014c77cf27e76
SHA256: 42378106d8898c174587e89fb5b639b671187b7f30068e7fafe84533d58281dd
SHA512: f41be238aedfd58d0671c6c1f34cca03111abe052439521707d3a7ea92efa2e0cca84a8f9ce5ad43ff72d91092e4edf3c5a90a7b54a64400a1427ba78cff2380
SSDEEP: 24576:sy2AVQfRKDWTheB9VMWaZAFCR1wOhg7B+:b2AqfRKDSho9avPo
Static task: static1
Behavioral task: behavioral1
Sample: 42378106d8898c174587e89fb5b639b671187b7f30068e7fafe84533d58281dd.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
Target: 42378106d8898c174587e89fb5b639b671187b7f30068e7fafe84533d58281dd
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)