General
Target: 0c81cccd207f4ea01d1e26748cea5194cfe789b8239b38b0973030297147e35e
Size: 478KB
Sample: 241108-bcxn2atrbk
MD5: 43116201ff307876aa503570f711ec88
SHA1: f85dd1689fd8ae16e198da253207fe3101ccb95e
SHA256: 0c81cccd207f4ea01d1e26748cea5194cfe789b8239b38b0973030297147e35e
SHA512: c9f28e6a6f9c8cb30f48811e32216f2444235eec34ddf8794b8c903cf3d46e861a16670ee1b2c44e93ff63daa75fab54a15054bdab42451eb63afb6752581adc
SSDEEP: 6144:Kcy+bnr+Dp0yN90QEjswtOwM4LtTm5K5gBqbb99aB5NtdHF2z/9MC10xdb5EP7fc:wMrry90hNtRqEUqF2dHF7Txdb5S5g6o
Static task: static1
Behavioral task: behavioral1
Sample: 0c81cccd207f4ea01d1e26748cea5194cfe789b8239b38b0973030297147e35e.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: fukia
C2: 193.233.20.13:4136
auth_value: e5783636fbd9e4f0cf9a017bce02e67e
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
- RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1