General

Target: 613c83892ba2f8684539dff50691ba85fc4042c286fafa58fd1906a3929c17f4
Size: 752KB
Sample: 241107-hes7yswqgx
MD5: 3bea54f040d3a76e267458ba4a671330
SHA1: f6869c2e49d70d40f02df822bd699a2db03a803e
SHA256: 613c83892ba2f8684539dff50691ba85fc4042c286fafa58fd1906a3929c17f4
SHA512: 7c7269d97630bba48b71f063eb63510f3f691db0c40f7cc6be8d0653edfee0a61db0f382f386cee23b371bb2c7ebb2cecfa3335a36412f0fdb06f9eda6848942
SSDEEP: 12288:LMrUy90wvPhzROdEUUt9jHlQw1Kmhm1EiUsXR5HaQdfN7lHj4MWeqwepTJx:/yzjOWNz1VixXR5HaQhN6laeplx
Static task: static1
Behavioral task: behavioral1
Sample: 613c83892ba2f8684539dff50691ba85fc4042c286fafa58fd1906a3929c17f4.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: redline
- dars
- 83.97.73.127:19045
- auth_value: 7cd208e6b6c927262304d5d4d88647fd
Targets

Target: 613c83892ba2f8684539dff50691ba85fc4042c286fafa58fd1906a3929c17f4
Size: 752KB
MD5: 3bea54f040d3a76e267458ba4a671330
SHA1: f6869c2e49d70d40f02df822bd699a2db03a803e
SHA256: 613c83892ba2f8684539dff50691ba85fc4042c286fafa58fd1906a3929c17f4
SHA512: 7c7269d97630bba48b71f063eb63510f3f691db0c40f7cc6be8d0653edfee0a61db0f382f386cee23b371bb2c7ebb2cecfa3335a36412f0fdb06f9eda6848942
SSDEEP: 12288:LMrUy90wvPhzROdEUUt9jHlQw1Kmhm1EiUsXR5HaQdfN7lHj4MWeqwepTJx:/yzjOWNz1VixXR5HaQhN6laeplx
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)