General
-
Target
1d5db930484f21868670beb24dd3fa9a12f9ebc4fd9869c7054292599e604053
-
Size
808KB
-
Sample
241108-cjdeeasjfv
-
MD5
2ed469edbf161a338f5b0d82e9f1dd08
-
SHA1
e6560273952948d825e73501ed04d6e9dce6b892
-
SHA256
1d5db930484f21868670beb24dd3fa9a12f9ebc4fd9869c7054292599e604053
-
SHA512
787f15e126242b25bd7f389a0c0e82515255e6e057623c28a5a8fde9fbae325d90a36abce08c46e32ea97a8f505ea2bacc056dea53192d9426516927301c32c8
-
SSDEEP
12288:qMrYy90defWz605p4783PMtr+S0j8PX2rFaUEyvI30QcL9YXCp7GS8N:Wyq60r8r++HUEyvI30QA9Tzm
Static task
static1
Behavioral task
behavioral1
Sample
1d5db930484f21868670beb24dd3fa9a12f9ebc4fd9869c7054292599e604053.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
lada
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
redline
diza
185.161.248.90:4125
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Targets
-
-
Target
1d5db930484f21868670beb24dd3fa9a12f9ebc4fd9869c7054292599e604053
-
Size
808KB
-
MD5
2ed469edbf161a338f5b0d82e9f1dd08
-
SHA1
e6560273952948d825e73501ed04d6e9dce6b892
-
SHA256
1d5db930484f21868670beb24dd3fa9a12f9ebc4fd9869c7054292599e604053
-
SHA512
787f15e126242b25bd7f389a0c0e82515255e6e057623c28a5a8fde9fbae325d90a36abce08c46e32ea97a8f505ea2bacc056dea53192d9426516927301c32c8
-
SSDEEP
12288:qMrYy90defWz605p4783PMtr+S0j8PX2rFaUEyvI30QcL9YXCp7GS8N:Wyq60r8r++HUEyvI30QA9Tzm
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1