General
Target: 8004e42c03e7e2e93c2b7fd72303c809c184f651c3bd12f3d6162d232d9f0cf9
Size: 1.3MB
Sample: 241106-sd7dasvkgl
MD5: 677219601ddb765d759486dc5929ce32
SHA1: b9aee99ca50f2206dd768236a82d3561fe40213d
SHA256: 8004e42c03e7e2e93c2b7fd72303c809c184f651c3bd12f3d6162d232d9f0cf9
SHA512: efd4d7ba0eba1ab5be79ead8147ab8a54e280fd76cefacbac89460d4279b0da58ed2423eafdf0f2a84c212f22bc6d9ac1a26b4f3cdf7381a37eec822bd63c33d
SSDEEP: 24576:Ey7aiAclVkw97VvXQAhaFWH0VwFvffsajOVKFVQHw/BFhseUY+F:T+alPfXvMFi08PJ4KrKw/Js7
Static task: static1
Behavioral task: behavioral1
Sample: 8004e42c03e7e2e93c2b7fd72303c809c184f651c3bd12f3d6162d232d9f0cf9.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
rodik
193.233.20.23:4124
auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d
Targets
Target: 8004e42c03e7e2e93c2b7fd72303c809c184f651c3bd12f3d6162d232d9f0cf9
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)