General
Target: 8639290f882a6c30552c7d9b49c19dee6fb1c43b06957c7ea363ce01b99aac6e
Size: 1.0MB
Sample: 241107-vjmbesymfk
MD5: 0e524cffed5aa40e4d1b0f42c849090a
SHA1: 46b22818621ea3e4966f2927289536221c31f9fa
SHA256: 8639290f882a6c30552c7d9b49c19dee6fb1c43b06957c7ea363ce01b99aac6e
SHA512: bc1742e07cea981f3e6dd0ffcb372a8a41cf400b1255cf19500cb3cebc239db62f8295254f37bdbffb368536b001e0f6ca7df22077d5632b59ea587d977fda41
SSDEEP: 24576:gyhXn8r6izByU1Lo1g9SNnEnyaoJjHzhWio+j/:nhMr6idl1Lo1UgnERopHAG

Static task: static1
Behavioral task: behavioral1
Sample: 8639290f882a6c30552c7d9b49c19dee6fb1c43b06957c7ea363ce01b99aac6e.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
Botnet: lada
C2: 185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba

Extracted: redline
Botnet: disa
C2: 185.161.248.90:4125
auth_value: 93f8c4ca7000e3381dd4b6b86434de05
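The two extracted configs above share one C2 endpoint but carry different botnet IDs and auth_values, so a single network block covers both while the auth_values distinguish the campaigns. The script below is an added example, not part of the sandbox report or of any RedLine tooling: it parses the report's "Extracted ... auth_value" blocks into structured IOCs, deduplicates the C2, and verifies a local file against all four listed digests rather than trusting MD5 alone. The regular expression is written for the line layout shown on this page and is an assumption about that layout, not a general RedLine config parser.

```python
"""Turn the report's extracted RedLine configs and file hashes into checkable
IOCs. Added example; the only data here is copied from the report above."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Extracted-config block as it appears in the report (two RedLine configs).
REPORT_CONFIG_TEXT = """
Extracted
redline
lada
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
redline
disa
185.161.248.90:4125
-
auth_value
93f8c4ca7000e3381dd4b6b86434de05
"""

# File digests listed in the report for the 1.0MB sample.
REPORT_HASHES = {
    "md5": "0e524cffed5aa40e4d1b0f42c849090a",
    "sha1": "46b22818621ea3e4966f2927289536221c31f9fa",
    "sha256": "8639290f882a6c30552c7d9b49c19dee6fb1c43b06957c7ea363ce01b99aac6e",
    "sha512": "bc1742e07cea981f3e6dd0ffcb372a8a41cf400b1255cf19500cb3cebc239db6"
              "2f8295254f37bdbffb368536b001e0f6ca7df22077d5632b59ea587d977fda41",
}


@dataclass(frozen=True)
class RedlineConfig:
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


# Assumption: matches the report's layout (family, botnet, host:port, optional
# "-" separator, "auth_value", 32 hex chars). Not a parser for the binary config.
CONFIG_RE = re.compile(
    r"Extracted\s+redline\s+(?P<botnet>\S+)\s+(?P<host>[\d.]+):(?P<port>\d+)"
    r"\s+-?\s*auth_value\s+(?P<auth>[0-9a-f]{32})"
)


def parse_redline_configs(text: str) -> List[RedlineConfig]:
    """Extract every config block from report text, in order of appearance."""
    return [
        RedlineConfig(m["botnet"], m["host"], int(m["port"]), m["auth"])
        for m in CONFIG_RE.finditer(text)
    ]


def c2_endpoints(configs: List[RedlineConfig]) -> List[Tuple[str, int]]:
    """Deduplicated (host, port) list; both botnets here share one C2."""
    return sorted({(c.c2_host, c.c2_port) for c in configs})


def digest_bytes(data: bytes, algorithms=("md5", "sha1", "sha256", "sha512")) -> Dict[str, str]:
    """Compute all listed digests of an in-memory blob in one pass."""
    return {a: hashlib.new(a, data).hexdigest() for a in algorithms}


def digest_file(path: str, algorithms=("md5", "sha1", "sha256", "sha512")) -> Dict[str, str]:
    """Stream a file through all hashers at once so a large sample is read once."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def matches_report(digests: Dict[str, str], expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only if every digest in the report matches; a lone MD5 match is not enough."""
    return all(digests.get(a) == v for a, v in expected.items())


if __name__ == "__main__":
    cfgs = parse_redline_configs(REPORT_CONFIG_TEXT)
    for c in cfgs:
        print(f"botnet={c.botnet} c2={c.c2_host}:{c.c2_port} auth_value={c.auth_value}")
    print("C2 endpoints to block:", c2_endpoints(cfgs))
```

To check a file you have been handed, run `matches_report(digest_file("sample.bin"))`; anything short of a full match means it is not the object this report describes.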
Targets
Target: 8639290f882a6c30552c7d9b49c19dee6fb1c43b06957c7ea363ce01b99aac6e
Size: 1.0MB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1