General
Target: 2bfc8d63ea3f05aacff15ce95891a9de4dc576625cae95ca0a33cc411c0d5750
Size: 1.1MB
Sample: 241107-r3wsestlbx
MD5: db82ea2db4ced053fa12faaf39b4263f
SHA1: 446fc2c2895974e0c8cab537f7cabe30907fb3a7
SHA256: 2bfc8d63ea3f05aacff15ce95891a9de4dc576625cae95ca0a33cc411c0d5750
SHA512: 87e1180ba64e1f9e639faf861776effb8e402f7ef994320db330b98ce6c63ebf4bafd7738a106ebaa7fd3d5b21ec75f603f45f5b3575117619ddb9597d8f7c5a
SSDEEP: 24576:5y3JVBCXlTNI8NbWJDL/6YMaTUy4RHoKucYCqAG928r:s3JbCXpNI8NSx/6YMaTERI0GAGR
Static task: static1
Behavioral task: behavioral1
Sample: 2bfc8d63ea3f05aacff15ce95891a9de4dc576625cae95ca0a33cc411c0d5750.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
rodik
193.233.20.23:4124
auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d
Targets
Target: 2bfc8d63ea3f05aacff15ce95891a9de4dc576625cae95ca0a33cc411c0d5750 (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)