General
- Target: 9af9cf1e22e4b9c3cef71e839962451fc1f09f90f46c4dd36706970d94145893
- Size: 1.1MB
- Sample: 241106-ygdhaawjfs
- MD5: 70bc563ce887a116c08b548e7b4623d7
- SHA1: 6decdb01fbee7c02fbc66ae2edf6f0366c7d6631
- SHA256: 9af9cf1e22e4b9c3cef71e839962451fc1f09f90f46c4dd36706970d94145893
- SHA512: 5fa47cf9f1eeb7716623445c83d354a79e03fa79646d7c12678e7c1c815a5f5066369fd2b30dd311855a972bf9260b2cf9fc3f502e65923895e9a13cffcd8369
- SSDEEP: 24576:YV8GfFeO7DtWN4hDXBgCViq2Xx9Yv3aUhpYqVOaePB8XZkI9YdE:YvfQwDtI4xXBgCVeXxOC+CqVOaMG+dE
Static task
- static1
Behavioral task
- behavioral1
- Sample: 9d1f7e4c39ca9c1c135aa434d21696e01907a80f97e5d3efacef9bb0461e8984.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- rodik
- 193.233.20.23:4124
- auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d
Targets
- Target: 9d1f7e4c39ca9c1c135aa434d21696e01907a80f97e5d3efacef9bb0461e8984.exe
  - Size: 1.1MB
  - MD5: da55d8e5ca17d483a9f9c883344ee590
  - SHA1: 340b2cd64d7dfeb70d2dfcd5fb09636530b0a49e
  - SHA256: 9d1f7e4c39ca9c1c135aa434d21696e01907a80f97e5d3efacef9bb0461e8984
  - SHA512: 311d5784a45bea55c62d0457599e8758ab25fa5b94248bcb54cea2ac9973ebab3ca39c5383fb54e2f87cdd28a677e2071f90b563430e5ce5a22b0745be05aad7
  - SSDEEP: 24576:Xyf15UnOgBvxgwObnr66C7eoNKgiEY6EyiNhtTYy5iuwYUVoM:ifsnrvGZrDqQLy+zYy5/UV
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)