General

Target: d2ab28d9c4dd71a255425c3a4ce931cc6b9ad99ba208eddaa52004935752d051
Size: 481KB
Sample: 241107-qlebdashpr
MD5: c1c8528258194a9559024028bb28cc53
SHA1: 9ac3307463b1376f07338870eb5c35d3e905ec4c
SHA256: d2ab28d9c4dd71a255425c3a4ce931cc6b9ad99ba208eddaa52004935752d051
SHA512: 562acb8c09ac01fc51a2d62c5c2da8772ae1d734c7f7857c3fed4917ca14d42582f1766387a17c6afcfbf1aef8429fc4be642700717b08199ae5aaf66ebfc275
SSDEEP: 6144:K+y+bnr+op0yN90QEAoDyVKoUaFRKP2sD2fl4mPE2ZKkvS6RehA7U3VO5pn3iwVK:qMrQy90W6yVpA2qKh82ZKj6NUQ/m
Static task: static1
Behavioral task: behavioral1
Sample: d2ab28d9c4dd71a255425c3a4ce931cc6b9ad99ba208eddaa52004935752d051.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: fukia
C2: 193.233.20.13:4136
auth_value: e5783636fbd9e4f0cf9a017bce02e67e
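The extracted configuration is the part of this report worth operationalising: the C2 endpoint is a network indicator and the file hashes are host indicators. The following Python is an added example, not part of the sandbox report or any tool's own code. It copies the hashes and the RedLine config from this page into a dict, validates that the hashes and C2 are well formed before anything is built from them, emits a Suricata rule for outbound traffic to the C2, and hashes local data to compare it against the sample. The Suricata sid (1000001) is an assumed local-use value, the rule matches only on destination IP and port because the config gives no payload content to match on, and the placeholder bytes hashed at the end are constructed and are not the sample.

```python
import hashlib
import ipaddress
import re

# Indicators copied from the sandbox report on this page: the sample's file hashes
# and the extracted RedLine configuration (botnet name, C2 endpoint, auth_value).
REPORT = {
    "md5": "c1c8528258194a9559024028bb28cc53",
    "sha1": "9ac3307463b1376f07338870eb5c35d3e905ec4c",
    "sha256": "d2ab28d9c4dd71a255425c3a4ce931cc6b9ad99ba208eddaa52004935752d051",
    "family": "redline",
    "botnet": "fukia",
    "c2": "193.233.20.13:4136",
    "auth_value": "e5783636fbd9e4f0cf9a017bce02e67e",
}

# Expected hex-digest lengths; a pasted hash that fails this check is a transcription error.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def validate_hashes(report):
    """Return {algo: lowercase digest} for md5/sha1/sha256, raising on malformed values."""
    out = {}
    for algo, length in HEX_LEN.items():
        value = report[algo].strip().lower()
        if not re.fullmatch(rf"[0-9a-f]{{{length}}}", value):
            raise ValueError(f"{algo}: expected {length} hex chars, got {value!r}")
        out[algo] = value
    return out


def parse_c2(c2):
    """Split 'host:port' into (ip_address, port); reject hostnames, garbage and bad ports."""
    host, sep, port_text = c2.rpartition(":")
    if not sep:
        raise ValueError(f"C2 has no port: {c2!r}")
    ip = ipaddress.ip_address(host.strip("[]"))  # ValueError unless it is a literal IP
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ip, port


def suricata_rule(report, sid):
    """Build a Suricata rule alerting on outbound TCP to the extracted C2.

    `sid` is deployment-specific (assumption: local-use range such as 1000001);
    it is not something the report provides.
    """
    ip, port = parse_c2(report["c2"])
    msg = f"RedLine Stealer C2 ({report['botnet']}) outbound to {ip}:{port}"
    return (
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"{msg}"; flow:to_server,established; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


def hash_bytes(data):
    """Compute md5/sha1/sha256 of a byte string so it can be compared with the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HEX_LEN}


def hash_file(path, chunk=1 << 20):
    """Same as hash_bytes but streams a file from disk in 1 MiB chunks."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LEN}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matches_report(data, report):
    """True only if all three digests agree; a lone MD5 match is not treated as a hit."""
    return hash_bytes(data) == validate_hashes(report)


if __name__ == "__main__":
    print(validate_hashes(REPORT))
    print(suricata_rule(REPORT, sid=1000001))
    # Constructed stand-in bytes (not the sample): demonstrates a non-match.
    print(matches_report(b"harmless placeholder, not the sample", REPORT))
```

Validate before you deploy: a mistyped hash or a C2 string that is really a hostname silently produces an indicator that never fires. IP:port indicators also age quickly, so the hash checks carry more weight over time than the network rule.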
Targets

Target: d2ab28d9c4dd71a255425c3a4ce931cc6b9ad99ba208eddaa52004935752d051
Size: 481KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the General section above
Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)