General
Target: e248e9a66faf3bf52e500b5ce0af7c0c7110ebfd5c2360f01df4cbda7c4efd07
Size: 481KB
Sample: 241106-ahc15s1kgx
MD5: 4eff690678110f3bdc019cc5cf4f76ce
SHA1: 48d84f44c0840303d6c7f8d40f3bdc69679cf7cf
SHA256: e248e9a66faf3bf52e500b5ce0af7c0c7110ebfd5c2360f01df4cbda7c4efd07
SHA512: 30d11536c469234ff766b59007a6c3a0ab96959d1e94049f04a55cb9780a6e658c34464f20e98046eda73324e1c3af16fa9e552be58cbe834fe2fa5c7d011fba
SSDEEP: 6144:Kty+bnr+op0yN90QEE2JNZzO1PLcUHtiPpbTlUynxW86TkvS6R7qA7UlVKy7Vh7i:7MrMy909ZzeoUH81uTj6NUaKD7ru1
Static task: static1
Behavioral task: behavioral1
Sample: e248e9a66faf3bf52e500b5ce0af7c0c7110ebfd5c2360f01df4cbda7c4efd07.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted
redline
fukia
193.233.20.13:4136
auth_value: e5783636fbd9e4f0cf9a017bce02e67e
Targets
Target: e248e9a66faf3bf52e500b5ce0af7c0c7110ebfd5c2360f01df4cbda7c4efd07
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)