General
Target: f214c6b281d57380a86bd0f6d1ede273bb840616f241d6295a83145efa3ac459
Size: 1.0MB
Sample: 241107-qezzhasglh
MD5: 648bbdc10392bfaf81a5a406c7b79adf
SHA1: 300e02fddcd88b48e551eaec6480339095c8d30a
SHA256: f214c6b281d57380a86bd0f6d1ede273bb840616f241d6295a83145efa3ac459
SHA512: 3ffb4cfd4dc2e3dd25b933008fc3f1d1b9370164857c37366f2c1cffb157f64b7d685998ba1f2cd44662eb08bfcfd643872cf27080b7c7ae5742a7b1194ec19d
SSDEEP: 12288:qMray90ygSLz8DntVkCUMaS9MfeIRHQNQ129xPaPgt1hiC9gysZ5SZRybQW7bPm0:0y/z8DtXU6Mf3yh31R9gxAkrjOXr7S
Static task: static1
Behavioral task: behavioral1
Sample: f214c6b281d57380a86bd0f6d1ede273bb840616f241d6295a83145efa3ac459.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: lada
C2: 185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted
Family: redline
Botnet: disa
C2: 185.161.248.90:4125
auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Targets
Target: f214c6b281d57380a86bd0f6d1ede273bb840616f241d6295a83145efa3ac459
Size: 1.0MB
MD5: 648bbdc10392bfaf81a5a406c7b79adf
SHA1: 300e02fddcd88b48e551eaec6480339095c8d30a
SHA256: f214c6b281d57380a86bd0f6d1ede273bb840616f241d6295a83145efa3ac459
SHA512: 3ffb4cfd4dc2e3dd25b933008fc3f1d1b9370164857c37366f2c1cffb157f64b7d685998ba1f2cd44662eb08bfcfd643872cf27080b7c7ae5742a7b1194ec19d
SSDEEP: 12288:qMray90ygSLz8DntVkCUMaS9MfeIRHQNQ129xPaPgt1hiC9gysZ5SZRybQW7bPm0:0y/z8DtXU6Mf3yh31R9gxAkrjOXr7S
Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Tactic | Technique | Sub-technique | Count
Persistence | Boot or Logon Autostart Execution | Registry Run Keys / Startup Folder (T1547.001) | 1
Persistence | Create or Modify System Process | Windows Service (T1543.003) | 1
Privilege Escalation | Boot or Logon Autostart Execution | Registry Run Keys / Startup Folder (T1547.001) | 1
Privilege Escalation | Create or Modify System Process | Windows Service (T1543.003) | 1
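The signatures and the ATT&CK table above can be turned into a small replayable triage check. The following Python is an added example, not part of the sandbox report or of any RedLine analysis tooling: the event-dict shape, the dropped-file name, the Run value name and the benign events are constructed placeholders, while the C2 endpoint, the sample file name and the sub-technique IDs (T1547.001 for Registry Run Keys / Startup Folder, T1543.003 for Windows Service) come from the report and from ATT&CK.

```python
"""Added triage helper (not part of the sandbox report): replays sandbox-style
events against the behaviours this report lists and maps persistence hits to
the ATT&CK sub-techniques named in the report's table."""
import re
from dataclasses import dataclass

# IOCs copied from the report. Both extracted RedLine configs ("lada" and
# "disa") point at the same C2 endpoint and differ only in auth_value.
REDLINE_C2 = {("185.161.248.90", 4125)}
SAMPLE_EXE = "f214c6b281d57380a86bd0f6d1ede273bb840616f241d6295a83145efa3ac459.exe"

# Registry locations behind the report's signatures. Run/RunOnce and the
# per-service ImagePath value carry the two sub-techniques in the ATT&CK
# table; Geo\Nation holds the country code the geofence check reads.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
SERVICE_KEY_RE = re.compile(
    r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)

# Tactics each sub-technique appears under, matching the report's table.
TACTICS = {
    "T1547.001": ("Persistence", "Privilege Escalation"),
    "T1543.003": ("Persistence", "Privilege Escalation"),
}


@dataclass(frozen=True)
class Finding:
    signature: str
    technique: str   # ATT&CK sub-technique ID, or "" where the report maps none
    evidence: str


def triage(events):
    """Walk events in order and return the report-style findings they trigger.

    The event dict shape (a 'type' plus a few keys) is an assumption of this
    example, not the sandbox's native format."""
    findings = []
    dropped = set()   # paths the sample wrote; launching one is a "dropped EXE" run
    for ev in events:
        kind = ev["type"]
        if kind == "file_write" and ev["process"].lower() == SAMPLE_EXE:
            dropped.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in dropped:
            findings.append(Finding("Executes dropped EXE", "", ev["image"]))
        elif kind == "registry_set":
            if RUN_KEY_RE.search(ev["key"]):
                findings.append(Finding("Adds Run key to start application", "T1547.001",
                                        f'{ev["key"]} = {ev["value"]}'))
            elif SERVICE_KEY_RE.search(ev["key"]):
                findings.append(Finding("Creates or modifies a Windows service", "T1543.003",
                                        f'{ev["key"]} = {ev["value"]}'))
        elif kind == "registry_query" and GEO_KEY_RE.search(ev["key"]):
            findings.append(Finding("Checks computer location settings", "", ev["key"]))
        elif kind == "network_connect" and (ev["dst_ip"], ev["dst_port"]) in REDLINE_C2:
            findings.append(Finding("RedLine C2 connection", "",
                                    f'{ev["dst_ip"]}:{ev["dst_port"]}'))
    return findings


def tactic_table(findings):
    """Group the ATT&CK IDs of the findings by tactic, like the report's table."""
    table = {}
    for f in findings:
        for tactic in TACTICS.get(f.technique, ()):
            table.setdefault(tactic, set()).add(f.technique)
    return {tactic: sorted(ids) for tactic, ids in sorted(table.items())}


# Constructed event stream for illustration. The dropped-file name, the Run
# value name and the benign events are placeholders, not report observations.
SAMPLE_EVENTS = [
    {"type": "registry_query", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "process": SAMPLE_EXE,
     "path": r"C:\Users\Admin\AppData\Local\Temp\stage2_placeholder.exe"},
    {"type": "process_create",
     "image": r"C:\Users\Admin\AppData\Local\Temp\stage2_placeholder.exe"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Placeholder",
     "value": r"C:\Users\Admin\AppData\Local\Temp\stage2_placeholder.exe"},
    {"type": "network_connect", "dst_ip": "185.161.248.90", "dst_port": 4125},
    {"type": "network_connect", "dst_ip": "8.8.8.8", "dst_port": 53},              # benign
    {"type": "registry_set", "key": r"HKCU\Software\Placeholder\Settings", "value": "1"},  # benign
]

if __name__ == "__main__":
    hits = triage(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f.signature:40} {f.technique or '-':10} {f.evidence}")
    print(tactic_table(hits))
```

The dropped-EXE check deliberately keys on files the sample itself wrote rather than on a path pattern, so a launch of an existing binary from the same temp directory is not flagged; the C2 match is exact on IP and port, so a second-stage endpoint not in the extracted config would need to be added to `REDLINE_C2`.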