General
- Target: ac0cad80bf3c1ca11ca64e406000e90e03e15043385daccb6ecaf96bae9e128a
- Size: 427KB
- Sample: 241104-qw72fazlcw
- MD5: 511edb8edb380790285ea2d3657ff2e8
- SHA1: 952ab49b98341e2a2f073b5de46352e8d29613d9
- SHA256: ac0cad80bf3c1ca11ca64e406000e90e03e15043385daccb6ecaf96bae9e128a
- SHA512: e694e7d721407b041c32a072f8c9d53fd562f45ac19e59f42d027065422c3c056def04d910a855701001ed4532fd988612ff39fe06636cd251a8fb8b7a536ab1
- SSDEEP: 6144:VOxIPdsYvdQMRrXO3RvTWLTDgpOhiBjLi3Ss04xSnvG01fl5waL6CHeBCxJPEYlU:VOmVrgLq8s3BFKl5BLtHesEKc
Static task: static1
Behavioral task: behavioral1
- Sample: 65e511cf23bd6cfa2aaacbef01565f56a278c33b9396322c4022b88100c48425.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- fukia
- 193.233.20.13:4136
- auth_value: e5783636fbd9e4f0cf9a017bce02e67e
Targets
- Target: 65e511cf23bd6cfa2aaacbef01565f56a278c33b9396322c4022b88100c48425.exe
- Size: 478KB
- MD5: f6f59c7a04ebffefb8c26ac7e793830b
- SHA1: a3c5e62097ce27b7dbd81bfb130c7a6cb2238c3a
- SHA256: 65e511cf23bd6cfa2aaacbef01565f56a278c33b9396322c4022b88100c48425
- SHA512: aef64a66fa376ae44a328cd996d94051a08a190e2fd62c23c9fc04eb8788b31d01b7a58c5685f7b9cf039e522da57d866056a38a8801947b750db549e5d8aa5d
- SSDEEP: 6144:K5y+bnr+bp0yN90QEIVoUPyjqMC0o8HVmi9S2WBmkFSp0Vnx8hat9bybsIbar3xG:fMrvy902oUKZC0vS2ex+EmseajxmZ1t
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)