General
Target: 8e55b6de7bd88406d109a73585a9ba92756a008023fc78cc41baceadc18c6acf
Size: 660KB
Sample: 241104-zp8ttsxbpg
MD5: 773ced71dcb203889cf59fbccc34e8ab
SHA1: 35e9f67ce5d86115e465ae28f34dae6d598bfde9
SHA256: 8e55b6de7bd88406d109a73585a9ba92756a008023fc78cc41baceadc18c6acf
SHA512: 39d224ccda17503f2af9d2061b52a3537fccb3eabd6bd8d49126504229bdf412b131c39e8db5b3ea60f68da4fb5a699deb2b34da6a9a14f1bc8d18dcc82895b3
SSDEEP: 12288:1MrAy90YFq7NxdbP+me6paqqh1FUbLk/FZEmaf2iYnqFTuV8:hyfq7vhP+SajiLk/Zaf7mAH
Static task: static1
Behavioral task: behavioral1
Sample: 8e55b6de7bd88406d109a73585a9ba92756a008023fc78cc41baceadc18c6acf.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: dubik
C2: 193.233.20.17:4139
auth_value: 05136deb26ad700ca57d43b1de454f46
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)