General
-
Target
73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148
-
Size
478KB
-
Sample
241108-d2zk2axjhn
-
MD5
ced1a57877645ae90216b2a3587970b9
-
SHA1
f7e9977d9af08e71f2cd02673a89296918b4f82c
-
SHA256
73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148
-
SHA512
9d45d2cfa816d13c81e23bc6b9c29a51c4aaf4bbcf004b1ab6e487f6421b5cbdab1e1d3a8e631c0c804d18a8d4323b25f57333c401a223858f621b3f3843595c
-
SSDEEP
6144:KXy+bnr+Yp0yN90QEqmb1wKIm4dv3HPeqtzEXFbuBiIsD65Pktm02U/5TkOjyTI:RMrYy90AqBIn1SFm5Zxkth2Ux3h
Static task
static1
Behavioral task
behavioral1
Sample
73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
fukia
193.233.20.13:4136
-
auth_value
e5783636fbd9e4f0cf9a017bce02e67e
Targets
-
-
Target
73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148
-
Size
478KB
-
MD5
ced1a57877645ae90216b2a3587970b9
-
SHA1
f7e9977d9af08e71f2cd02673a89296918b4f82c
-
SHA256
73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148
-
SHA512
9d45d2cfa816d13c81e23bc6b9c29a51c4aaf4bbcf004b1ab6e487f6421b5cbdab1e1d3a8e631c0c804d18a8d4323b25f57333c401a223858f621b3f3843595c
-
SSDEEP
6144:KXy+bnr+Yp0yN90QEqmb1wKIm4dv3HPeqtzEXFbuBiIsD65Pktm02U/5TkOjyTI:RMrYy90AqBIn1SFm5Zxkth2Ux3h
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1