General
-
Target
dacab6bf94a694ffb32d927da19eaa65a9417cf3af6c51dd7e9bcc9195480267
-
Size
1.1MB
-
Sample
241106-y8akpsxgnm
-
MD5
f6da6da3867f998ae4d9fdc3e92554d0
-
SHA1
c4c897ac588ced33fefb721432ef39013aede484
-
SHA256
dacab6bf94a694ffb32d927da19eaa65a9417cf3af6c51dd7e9bcc9195480267
-
SHA512
3d889f4a5a5217de2c9eb0db9e93f3544b22f80ee91f9469a69f2f65e8e86f74f50d7b195f7e0aad3664d58a7f37d6748b9b5f361a908baa662dca18eb1df98d
-
SSDEEP
24576:hyG7SzG1vIRLANuN85jUO9/Y7yeKpPi56v1J1ibRO1CM2b2P:UG+ov4LzyDEyeui5cJMbR6H2
Static task
static1
Behavioral task
behavioral1
Sample
dacab6bf94a694ffb32d927da19eaa65a9417cf3af6c51dd7e9bcc9195480267.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
lada
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
redline
lore
185.161.248.90:4125
-
auth_value
523d51bd3c39801fa0405f4fb03df3c4
Targets
-
-
Target
dacab6bf94a694ffb32d927da19eaa65a9417cf3af6c51dd7e9bcc9195480267
-
Size
1.1MB
-
MD5
f6da6da3867f998ae4d9fdc3e92554d0
-
SHA1
c4c897ac588ced33fefb721432ef39013aede484
-
SHA256
dacab6bf94a694ffb32d927da19eaa65a9417cf3af6c51dd7e9bcc9195480267
-
SHA512
3d889f4a5a5217de2c9eb0db9e93f3544b22f80ee91f9469a69f2f65e8e86f74f50d7b195f7e0aad3664d58a7f37d6748b9b5f361a908baa662dca18eb1df98d
-
SSDEEP
24576:hyG7SzG1vIRLANuN85jUO9/Y7yeKpPi56v1J1ibRO1CM2b2P:UG+ov4LzyDEyeui5cJMbR6H2
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1