General
- Target: 9b1727ab6be7a8d7e04ee3532b0d647b901dd2b7b7fb2bc1aabfff15bd04170a
- Size: 501KB
- Sample: 241107-pdxx3sscnk
- MD5: 370bd1aca667510af5e4bf950a8d0a0b
- SHA1: 25cd878be1fc0d2740dacb51a829d1acaaf7b89c
- SHA256: 9b1727ab6be7a8d7e04ee3532b0d647b901dd2b7b7fb2bc1aabfff15bd04170a
- SHA512: aee913d677530e575d4281f75d6d7db233d9a72cb026faac9614671c9d6c62572968d42452fe7925085a7c97b5b61e58760eaa6303208d92b4db31f362179b35
- SSDEEP: 6144:K4y+bnr+6p0yN90QEFxY1chAcXuNNbkY8wYzl4z1NbvqwFVve0IVO65Ll9aWRav/:wMryy90TXOHjhi2v3I1avfNDKPE
Static task: static1
Behavioral task: behavioral1
Sample: 9b1727ab6be7a8d7e04ee3532b0d647b901dd2b7b7fb2bc1aabfff15bd04170a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
fukia
193.233.20.13:4136
- auth_value: e5783636fbd9e4f0cf9a017bce02e67e
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)