General
Target: a471a6b3d43f81c6f9787f45d9b665559f817eb5f7a7f43403fd0623b4b14bc1
Size: 660KB
Sample: 241105-svdgjssqfw
MD5: af54cbea93296b812b5c253e27b48b07
SHA1: adad655cde21c1c4b0a88ea5bc44ee3315215d04
SHA256: a471a6b3d43f81c6f9787f45d9b665559f817eb5f7a7f43403fd0623b4b14bc1
SHA512: 33550fb0eb06e8b91295b8a8d4c2e7b3ba6032d4b6fa130699bb3b4acf2c1f76c3e6d750828e73114b7e4caa8426ceb7c0b15fa5bb44399ed89e8e4e4e7cc1b7
SSDEEP: 12288:PMruy90z9pUH/OBqM5FnE+8JEST8pxc+pnIVbSxzhMnCbY03Ghc:5yIpe/WqM5a+8JEST8KbSPWCN3Uc
Static task: static1
Behavioral task: behavioral1
Sample: a471a6b3d43f81c6f9787f45d9b665559f817eb5f7a7f43403fd0623b4b14bc1.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
Botnet: norm
C2: 77.91.124.145:4125
auth_value: 1514e6c0ec3d10a36f68f61b206f5759
Extracted: redline
Botnet: dozt
C2: 77.91.124.145:4125
auth_value: 857bdfe4fa14711025859d89f18b32cb
Targets
Target: a471a6b3d43f81c6f9787f45d9b665559f817eb5f7a7f43403fd0623b4b14bc1
Size: 660KB
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)