General

Target: 9759d6116e588c0c8f3878795b0545932b019351620fd3dd12e64ec7385c7aeb
Size: 490KB
Sample: 241104-zkzelawncx
MD5: 1215d76105b0078674248a8cb221c748
SHA1: db1016eb26aa74a2149c7d5d1b6d63adef0c3313
SHA256: 9759d6116e588c0c8f3878795b0545932b019351620fd3dd12e64ec7385c7aeb
SHA512: f6d00c0a8d8f66d46ed239d28471a53ddb1f4777e0fca97c946e0018f1c744c327fe4a531e64c6a84e54e051c3d4a82f059200ff16b23be5d0f3b9a8b3acecce
SSDEEP: 12288:xMrqy90Mj0cJSaGqqX1G0oAbziFQkQAj89lE0G0/:HyRjVTUX1G0FxkX43/

Static task: static1
Behavioral task: behavioral1
Sample: 9759d6116e588c0c8f3878795b0545932b019351620fd3dd12e64ec7385c7aeb.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: lulsa
C2: 217.196.96.101:4132
Attributes:
  auth_value: 2bb8e3870ce0ad119d2840b124222121
Targets

Target: 9759d6116e588c0c8f3878795b0545932b019351620fd3dd12e64ec7385c7aeb
Size: 490KB
MD5: 1215d76105b0078674248a8cb221c748
SHA1: db1016eb26aa74a2149c7d5d1b6d63adef0c3313
SHA256: 9759d6116e588c0c8f3878795b0545932b019351620fd3dd12e64ec7385c7aeb
SHA512: f6d00c0a8d8f66d46ed239d28471a53ddb1f4777e0fca97c946e0018f1c744c327fe4a531e64c6a84e54e051c3d4a82f059200ff16b23be5d0f3b9a8b3acecce
SSDEEP: 12288:xMrqy90Mj0cJSaGqqX1G0oAbziFQkQAj89lE0G0/:HyRjVTUX1G0FxkX43/

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
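The behaviours the report attributes to this sample (a known RedLine binary executing, a dropped EXE being run, a Run key being written, and traffic to the extracted C2) can be turned directly into a host hunt. The following Python is an added example, not code from the sandbox report or from any of its tooling: it parses Sysmon-style event lines and flags each of those behaviours, tagging the registry hits with the two ATT&CK Persistence techniques the report maps (T1547.001 Registry Run Keys / Startup Folder, T1543.003 Windows Service). The `Key=Value` line format, the user and file names, and the hashes other than the sample's own SHA256 are constructed for the demonstration; the only indicators taken from the page are the sample's SHA256 and the C2 217.196.96.101:4132. The Windows Service check goes slightly beyond the report's signature list, which only names the Run key behaviour.

```python
"""Hunt for the behaviours this report attributes to the sample in
Sysmon-style event records. Added example; the log lines below are constructed."""
import re

# Indicators copied from the report above.
SAMPLE_SHA256 = "9759d6116e588c0c8f3878795b0545932b019351620fd3dd12e64ec7385c7aeb"
C2_HOST, C2_PORT = "217.196.96.101", "4132"

# ATT&CK IDs of the two Persistence techniques the report maps.
T_RUN_KEY = "T1547.001"      # Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T_WIN_SERVICE = "T1543.003"  # Create or Modify System Process: Windows Service

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
SERVICE_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.I)
# "Key=Value Key=Value ..." pairs; a value may contain spaces but never " Key=".
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Split one Sysmon-style 'Key=Value' line (constructed format) into a dict."""
    return dict(KV_RE.findall(line))


def hunt(lines):
    """Return (signature, attack_technique_or_None, image) for each hit, in log order.

    Sysmon event IDs used: 1 = process create, 3 = network connect,
    11 = file create, 13 = registry value set."""
    findings = []
    dropped = set()  # files written on this host; running one later is "Executes dropped EXE"
    for ev in (parse_event(line) for line in lines):
        eid, image = ev.get("EventID"), ev.get("Image", "")
        if eid == "11":
            dropped.add(ev.get("TargetFilename", "").lower())
        elif eid == "1":
            if SAMPLE_SHA256 in ev.get("Hashes", "").lower():
                findings.append(("Known RedLine sample executed", None, image))
            if image.lower() in dropped:
                findings.append(("Executes dropped EXE", None, image))
        elif eid == "13":
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                findings.append(("Adds Run key to start application", T_RUN_KEY, image))
            elif SERVICE_RE.search(target):
                findings.append(("Creates or modifies a Windows service", T_WIN_SERVICE, image))
        elif eid == "3":
            if ev.get("DestinationIp") == C2_HOST and ev.get("DestinationPort") == C2_PORT:
                findings.append(("Connects to extracted RedLine C2", None, image))
    return findings


# Constructed log lines: the user, file names, service name and the non-sample hashes are made up.
SAMPLE_LOG = [
    r"EventID=1 Image=C:\Users\bob\Downloads\invoice.exe Hashes=SHA256=9759d6116e588c0c8f3878795b0545932b019351620fd3dd12e64ec7385c7aeb ParentImage=C:\Windows\explorer.exe",
    r"EventID=11 Image=C:\Users\bob\Downloads\invoice.exe TargetFilename=C:\Users\bob\AppData\Local\Temp\svc.exe",
    r"EventID=1 Image=C:\Users\bob\AppData\Local\Temp\svc.exe Hashes=SHA256=0000 ParentImage=C:\Users\bob\Downloads\invoice.exe",
    r"EventID=13 Image=C:\Users\bob\AppData\Local\Temp\svc.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc Details=C:\Users\bob\AppData\Local\Temp\svc.exe",
    r"EventID=13 Image=C:\Windows\System32\services.exe TargetObject=HKLM\System\CurrentControlSet\Services\svc\ImagePath Details=C:\Users\bob\AppData\Local\Temp\svc.exe",
    r"EventID=3 Image=C:\Users\bob\AppData\Local\Temp\svc.exe DestinationIp=217.196.96.101 DestinationPort=4132",
    r"EventID=1 Image=C:\Windows\System32\notepad.exe Hashes=SHA256=1111 ParentImage=C:\Windows\explorer.exe",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationIp=93.184.216.34 DestinationPort=443",
]

if __name__ == "__main__":
    for sig, tech, image in hunt(SAMPLE_LOG):
        print(f"{sig:40} {tech or '-':10} {image}")
```

The dropped-EXE rule keys on file-create followed by process-create of the same path, which is how the sandbox signature is defined, rather than on the path being under Temp; that keeps it from firing on installers that legitimately run from there while still catching the second-stage binary this sample writes. The C2 match is exact on IP and port because that is all the extracted config gives; in a real hunt the IP alone is the more durable indicator, since RedLine panels often move ports.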
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)