General
Target: d5931f94a58dc446d4941217aa02b3b5ff5ac9d055662b2e4187d60779c45467
Size: 1.4MB
Sample: 241104-qvyrdazlay
MD5: 15e027424ec735a4b05b71d29014800b
SHA1: 891c0a3e0a49fa890fae4e810879c46d1725f1b9
SHA256: d5931f94a58dc446d4941217aa02b3b5ff5ac9d055662b2e4187d60779c45467
SHA512: 291ff0e3499a31efde07e00c1e223ad9d2b833b8f53789cd48fea7dc3940159ec795186c8f2aec68fad24319c6a40effbbda73f11680c73df1dc69289cc7ed00
SSDEEP: 24576:Wy8IxxE3l94vZDycI8u5oKXpkfCkGKAl2mP8xmMsOVC2hPv99Q3NTJtb:l7vE1Sv9ycxokfCkGKwqmGk2i9T7
Static task: static1
Behavioral task: behavioral1
Sample: d5931f94a58dc446d4941217aa02b3b5ff5ac9d055662b2e4187d60779c45467.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: maxbi
C2: 185.161.248.73:4164
Attributes
auth_value: 6aa7dba884fe45693dfa04c91440daef
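The extracted configuration above gives a defender the two indicators to act on first: the C2 endpoint the stealer connects to and the auth_value it presents to the panel. The script below is an added example, not code from this report, from the sandbox vendor or from RedLine: it parses the flattened config block exactly as it appears on this page into structured IOCs, then matches the C2 against connection records. The connection log is constructed for the example in a simplified Zeek conn.log column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto), and the reading of "maxbi" as the botnet/campaign name is an assumption about the report layout.

```python
"""Turn the extracted RedLine config into IOCs and match them against
connection records.  Added example; not the report's or RedLine's code."""
import re

# The "Malware Config" block copied verbatim from the report (flattened layout).
REPORT_CONFIG = """\
Extracted
redline
maxbi
185.161.248.73:4164
-
auth_value
6aa7dba884fe45693dfa04c91440daef
"""

# Constructed connection records in a simplified Zeek conn.log column order:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.  Not sandbox traffic.
CONN_LOG = """\
1730722001.120\tCkL1a\t10.0.0.15\t49712\t185.161.248.73\t4164\ttcp
1730722002.440\tCkL1b\t10.0.0.15\t49713\t93.184.216.34\t443\ttcp
1730722003.010\tCkL1c\t10.0.0.22\t51002\t185.161.248.73\t4164\ttcp
1730722004.500\tCkL1d\t10.0.0.22\t51003\t185.161.248.73\t443\ttcp
"""


def parse_redline_config(text):
    """Parse the flattened layout: 'Extracted', family, botnet, one or more
    host:port C2 lines, then attribute name/value pairs.  The meaning of the
    second value (botnet/campaign name) is an assumption about the layout."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    if len(lines) < 4 or lines[0] != "Extracted":
        raise ValueError("not an extracted-config block")
    family, botnet, rest = lines[1], lines[2], lines[3:]
    c2, i = [], 0
    while i < len(rest) and re.fullmatch(r"[\w.\-]+:\d{1,5}", rest[i]):
        host, port = rest[i].rsplit(":", 1)
        c2.append((host, int(port)))
        i += 1
    attributes = dict(zip(rest[i::2], rest[i + 1::2]))
    return {"family": family, "botnet": botnet, "c2": c2, "attributes": attributes}


def c2_hits(config, conn_log):
    """Match records against the C2 list.  An exact host:port match is the
    high-confidence hit; the same host on another port is reported separately
    as lower confidence so an analyst can triage it rather than lose it."""
    exact = set(config["c2"])
    hosts = {host for host, _ in exact}
    hits = []
    for ln in conn_log.splitlines():
        f = ln.split("\t")
        if len(f) < 7 or f[0].startswith("#"):
            continue
        dst, dport = f[4], int(f[5])
        if (dst, dport) in exact:
            level = "exact"
        elif dst in hosts:
            level = "host-only"
        else:
            continue
        hits.append({"uid": f[1], "src": f[2], "dst": f"{dst}:{dport}", "match": level})
    return hits


def defang(hostport):
    """Render an indicator safe to paste into tickets: dots become [.]."""
    host, port = hostport.rsplit(":", 1)
    return host.replace(".", "[.]") + ":" + port


if __name__ == "__main__":
    cfg = parse_redline_config(REPORT_CONFIG)
    for host, port in cfg["c2"]:
        print(f"{cfg['family']}/{cfg['botnet']} C2 {defang(f'{host}:{port}')}")
    for hit in c2_hits(cfg, CONN_LOG):
        print(f"{hit['match']:9} {hit['uid']} {hit['src']} -> {defang(hit['dst'])}")
```

Two of the constructed records are exact hits and one is a host-only match; the latter is worth keeping as a lower-confidence lead because operators move panels between ports on the same host.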
Targets
Target: d5931f94a58dc446d4941217aa02b3b5ff5ac9d055662b2e4187d60779c45467 (1.4MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1 signature
  - Registry Run Keys / Startup Folder (T1547.001): 1 signature
- Create or Modify System Process (T1543): 1 signature
  - Windows Service (T1543.003): 1 signature
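The persistence behaviour this report flags ("Adds Run key to start application", mapped to T1547.001) is something a responder can check for directly on a host. The script below is an added example, not code from the report or from the sandbox vendor: on Windows it enumerates the Run and RunOnce values under HKCU and HKLM, and on any platform it classifies a set of entries with the heuristics a dropped EXE typically trips (path in a user-writable directory, environment variable expanding into the profile, a script host or proxy binary as the launcher, a Windows binary name living outside the Windows directory). The directory and launcher lists and the sample entries are our own assumptions, not values observed in this analysis.

```python
"""Run-key autostart audit for the T1547.001 behaviour flagged in the report.
Added example; heuristics, directory lists and sample entries are our own."""
import re
import sys

# Locations a dropper can write without elevation (assumed list, lower-case).
USER_WRITABLE = (
    "\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\appdata\\local\\",
    "\\users\\public\\", "\\programdata\\", "\\downloads\\", "\\windows\\temp\\",
)
# Environment variables that expand to those locations.
ENV_USER_WRITABLE = ("%temp%", "%tmp%", "%appdata%", "%localappdata%",
                     "%public%", "%programdata%", "%userprofile%")
# Script hosts and proxy-execution binaries commonly used as the Run-key command.
LAUNCHERS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
             "regsvr32.exe", "powershell.exe", "cmd.exe"}
# Windows binary names that droppers borrow for a payload in the wrong place.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}


def executable_path(command):
    """Executable from a Run-key command line: a quoted path, or the text up to
    the first '.exe' when unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def classify_run_entry(command):
    """Reasons an entry looks like dropper persistence; empty list means clean
    under these heuristics (signed vendor software in AppData will also fire,
    so pair this with Authenticode checks in production)."""
    cmd = command.lower()
    exe = executable_path(cmd)
    base = exe.rsplit("\\", 1)[-1]
    reasons = []
    if any(d in cmd for d in USER_WRITABLE):
        reasons.append("path in user-writable directory")
    if any(v in cmd for v in ENV_USER_WRITABLE):
        reasons.append("environment variable expands to a profile directory")
    if base in LAUNCHERS:
        reasons.append(f"launched through {base}")
    if base in SYSTEM_NAMES and not exe.startswith("c:\\windows\\"):
        reasons.append(f"system binary name {base} outside the Windows directory")
    return reasons


def audit_run_entries(entries):
    """entries: iterable of (hive, value_name, command).  Returns the
    suspicious ones with their reasons, in input order."""
    flagged = []
    for hive, name, command in entries:
        reasons = classify_run_entry(command)
        if reasons:
            flagged.append({"hive": hive, "name": name, "command": command, "reasons": reasons})
    return flagged


def read_run_keys():
    """Enumerate Run/RunOnce values under HKCU and HKLM.  Windows only; returns
    an empty list elsewhere so the classifier can still be exercised offline."""
    if sys.platform != "win32":
        return []
    import winreg
    entries = []
    for hive_name, hive in (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        for sub in (r"Software\Microsoft\Windows\CurrentVersion\Run",
                    r"Software\Microsoft\Windows\CurrentVersion\RunOnce"):
            try:
                key = winreg.OpenKey(hive, sub)
            except OSError:
                continue
            with key:
                i = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, i)
                    except OSError:
                        break
                    entries.append((hive_name, name, str(value)))
                    i += 1
    return entries


# Constructed entries for an offline run: one benign system entry and three
# shapes of dropper persistence.  Not values observed in the sandbox.
SAMPLE_ENTRIES = [
    ("HKLM", "SecurityHealth", r"C:\Windows\system32\SecurityHealthSystray.exe"),
    ("HKCU", "Updater", r'"C:\Users\victim\AppData\Local\Temp\svchost.exe"'),
    ("HKCU", "Loader", r'wscript.exe //B "C:\ProgramData\update\run.vbs"'),
    ("HKCU", "Sync", r"%APPDATA%\sync\sync.exe -q"),
]

if __name__ == "__main__":
    for hit in audit_run_entries(read_run_keys() or SAMPLE_ENTRIES):
        print(f"{hit['hive']} Run value {hit['name']}: {hit['command']}")
        for reason in hit["reasons"]:
            print("    -", reason)
```

On a live host the script audits the real Run keys; elsewhere it falls back to the constructed entries, of which the three HKCU values are flagged and the HKLM SecurityHealth entry is not. The Wow6432Node Run key on 64-bit HKLM is deliberately left out to keep the example short.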