General
- Target: 207954b014ee1c9e366bbf937636294eeb6e440bc61df0144792f012ade73f2e
- Size: 1.1MB
- Sample: 241106-yccp7aynbl
- MD5: b5ffbef41f720cf9bcf241fe35a23e45
- SHA1: 4c27b62b7d7fd3e64e488104204c9d6b23c382e3
- SHA256: 207954b014ee1c9e366bbf937636294eeb6e440bc61df0144792f012ade73f2e
- SHA512: da4ad2f6707746855e7a47d4dce138dde9bfb02a06ff6127a294f373e68791ab48e74b5591b2f60531a6cb03fa230f0a8de909ded5942ea66481bb3ac5599150
- SSDEEP: 24576:3QfWlOHWRu2ECS3bbAwTOv1NBbqHcjzurqad5KjSxk8bUlaPzl:BO2QRrbWfqHcuf5Z/Usp
Static task: static1
Behavioral task: behavioral1
- Sample: fc199ff73ba6fe6e48e73c7e14d581104d5bac10e72bc6afe139ae69dd28ba07.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
- rodik
- 193.233.20.23:4124
- auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d
Targets
- Target: fc199ff73ba6fe6e48e73c7e14d581104d5bac10e72bc6afe139ae69dd28ba07.exe
- Size: 1.1MB
- MD5: 484752c3705e0a2f3d64658da43478d9
- SHA1: f4ada7142bc6e6bec696c26e150a53d3ae9c3ca7
- SHA256: fc199ff73ba6fe6e48e73c7e14d581104d5bac10e72bc6afe139ae69dd28ba07
- SHA512: 5f5800424bdc017c38fc7680f5dfdbdd7f58997771bab5ad768b66e79851d1dc2d96374d684be066d7921dcf5cf0fd528e062aac297b9bee02e127728ff48f49
- SSDEEP: 24576:VypCmFylJZzgguq3cijm1IZykLOzcRDOYbtkcTUk3/V9zyW:wpC+ylJzcf1IjL/DPBT3Ty
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
- Windows Service: 1