General
Target: 0ae93bb049334481ff358266d3b58aaf3263b65e0e89d0b330caaecd590cbb4e
Size: 726KB
Sample: 241107-rve5pstjgt
MD5: 4da5580bdb77f1a2c4c48351a51a656a
SHA1: caa9805162e7763cb5a3e971fd185b35965fed25
SHA256: 0ae93bb049334481ff358266d3b58aaf3263b65e0e89d0b330caaecd590cbb4e
SHA512: 03cdfa1bc249a8d9fe23eecfffc3607a79608a54cc1d094a42ab1c989a9a3636cfe2cf359c13380d486f96b35c4701ec841fe965e362a197e099772f08757b83
SSDEEP: 12288:0MrPy90sqy+vwj3ctJK2kwXKRLYUapy39iPpquuVPR7MUR51BB7oBqU7YeALqtY7:7yNf3cj1kwy9j92V6RMQBBEpMLqqu1M
Static task: static1
Behavioral task: behavioral1
Sample: 0ae93bb049334481ff358266d3b58aaf3263b65e0e89d0b330caaecd590cbb4e.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
fukia
193.233.20.13:4136
auth_value: e5783636fbd9e4f0cf9a017bce02e67e
Targets
Target: 0ae93bb049334481ff358266d3b58aaf3263b65e0e89d0b330caaecd590cbb4e
Size: 726KB
MD5: 4da5580bdb77f1a2c4c48351a51a656a
SHA1: caa9805162e7763cb5a3e971fd185b35965fed25
SHA256: 0ae93bb049334481ff358266d3b58aaf3263b65e0e89d0b330caaecd590cbb4e
SHA512: 03cdfa1bc249a8d9fe23eecfffc3607a79608a54cc1d094a42ab1c989a9a3636cfe2cf359c13380d486f96b35c4701ec841fe965e362a197e099772f08757b83
SSDEEP: 12288:0MrPy90sqy+vwj3ctJK2kwXKRLYUapy39iPpquuVPR7MUR51BB7oBqU7YeALqtY7:7yNf3cj1kwy9j92V6RMQBBEpMLqqu1M

Signatures:
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1): Windows Service (1)