General
Target: 7f4345fcf42af99e3d7632a1c19293625ef73453a2a4a3171e0a14d33ac5a454
Size: 482KB
Sample: 241106-r5ddvs1nbw
MD5: 5d2d7a90c2e08f57246bb2f9ca212915
SHA1: ee2a2f4677d70312e3320fa42a4030a29cacfe54
SHA256: 7f4345fcf42af99e3d7632a1c19293625ef73453a2a4a3171e0a14d33ac5a454
SHA512: da872b2a5e9187c6e53b1cb669e9f773261c9d8871be00dd0ad50df2621f8f960cedcf1cbd20cf81f45b1676d4fb360f4fc225f98c5f2615301a0453630078f2
SSDEEP: 12288:TMrCy90qJkxUQZHyxsnCKYX/C4czE8HGWrqJp/tuS8:9ygxmGCK06VzE8cp/8S8
Static task: static1
Behavioral task: behavioral1
Sample: 7f4345fcf42af99e3d7632a1c19293625ef73453a2a4a3171e0a14d33ac5a454.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
fukia
193.233.20.13:4136
auth_value: e5783636fbd9e4f0cf9a017bce02e67e
Targets
Target: 7f4345fcf42af99e3d7632a1c19293625ef73453a2a4a3171e0a14d33ac5a454
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)