General
-
Target
63a881cfffbba30e32557da65b7820cda3d272748a9e0e0908d905f002106637
-
Size
851KB
-
Sample
241107-3y5ejszmds
-
MD5
05555887bfadbeb4c0fdda7be1a9d8d4
-
SHA1
568dc64195843eab4a7da2297f269a7f316b0370
-
SHA256
63a881cfffbba30e32557da65b7820cda3d272748a9e0e0908d905f002106637
-
SHA512
2608c2c2f4ea1d7eefc7482ac41ba227c6940fbaba2f81aa514dd27ae49d2e13e2a1580b6ac0f207b98f50fb734e756e2984e7ae89ece6233b402a3f18ecb025
-
SSDEEP
12288:yMrBy901aIaUaMkTrcdwMDEH2/ecVE6EWT035BpydVg2orbOzB2Q:vyABanMkfpMEhO2WCp+epO8Q
Static task
static1
Behavioral task
behavioral1
Sample
63a881cfffbba30e32557da65b7820cda3d272748a9e0e0908d905f002106637.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
lada
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
redline
diza
185.161.248.90:4125
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Targets
-
-
Target
63a881cfffbba30e32557da65b7820cda3d272748a9e0e0908d905f002106637
-
Size
851KB
-
MD5
05555887bfadbeb4c0fdda7be1a9d8d4
-
SHA1
568dc64195843eab4a7da2297f269a7f316b0370
-
SHA256
63a881cfffbba30e32557da65b7820cda3d272748a9e0e0908d905f002106637
-
SHA512
2608c2c2f4ea1d7eefc7482ac41ba227c6940fbaba2f81aa514dd27ae49d2e13e2a1580b6ac0f207b98f50fb734e756e2984e7ae89ece6233b402a3f18ecb025
-
SSDEEP
12288:yMrBy901aIaUaMkTrcdwMDEH2/ecVE6EWT035BpydVg2orbOzB2Q:vyABanMkfpMEhO2WCp+epO8Q
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1