General
Target: e8aaad623d2de9287495dc1181841558f117306f461aeac3d2854d23bb766c59
Size: 558KB
Sample: 241104-zq472axfkm
MD5: 9b2693927f84066df9654610bfff2c43
SHA1: f3ff2be625038890aadf698023daa092d1a6e219
SHA256: e8aaad623d2de9287495dc1181841558f117306f461aeac3d2854d23bb766c59
SHA512: f73b6b6342f2120edb32e0057a42a8cccf052e5e63e1613493f91f7f432ecc5f11af019fdb41738150f91a2b908acd2e81fa5286f69212a09de4ab413bdc46af
SSDEEP: 12288:nMrNy90AG8l4iYOADl/foOjWlHjuBBZnxgKUiy4T6Z:qy1QOAJDjWlD6Z2Hi/w
Static task: static1
Behavioral task: behavioral1
Sample: e8aaad623d2de9287495dc1181841558f117306f461aeac3d2854d23bb766c59.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
fud
193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: e8aaad623d2de9287495dc1181841558f117306f461aeac3d2854d23bb766c59
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1): Windows Service (1)