General
-
Target
d742e4b4d67496dab55b7c7bc06eee3d57c793d1c783f4a67fcca367094802e9
-
Size
202KB
-
Sample
241108-fcxq9avmg1
-
MD5
e4550062c9c688e3e3a3df2e73243a27
-
SHA1
345b6ce0ed11ef4e6671c0637689a444edb861dd
-
SHA256
d742e4b4d67496dab55b7c7bc06eee3d57c793d1c783f4a67fcca367094802e9
-
SHA512
3113349f85eb546b6ff719d0dbb6efb26f6b76d5b300acda0762ecf9296f6174e76c484fe99bd47d64a96335f07bb86ce0ea1c916216ec5fce6df7d630ee2644
-
SSDEEP
3072:Kjy+bnr+O185GWp1icKAArDZz4N9GhbkrNEk60fA7jkFF9j5dBKOalY1:Kjy+bnr+np0yN90QE6fAHsF3B
Static task
static1
Behavioral task
behavioral1
Sample
d742e4b4d67496dab55b7c7bc06eee3d57c793d1c783f4a67fcca367094802e9.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
fukia
193.233.20.13:4136
-
auth_value
e5783636fbd9e4f0cf9a017bce02e67e
Targets
-
-
Target
d742e4b4d67496dab55b7c7bc06eee3d57c793d1c783f4a67fcca367094802e9
-
Size
202KB
-
MD5
e4550062c9c688e3e3a3df2e73243a27
-
SHA1
345b6ce0ed11ef4e6671c0637689a444edb861dd
-
SHA256
d742e4b4d67496dab55b7c7bc06eee3d57c793d1c783f4a67fcca367094802e9
-
SHA512
3113349f85eb546b6ff719d0dbb6efb26f6b76d5b300acda0762ecf9296f6174e76c484fe99bd47d64a96335f07bb86ce0ea1c916216ec5fce6df7d630ee2644
-
SSDEEP
3072:Kjy+bnr+O185GWp1icKAArDZz4N9GhbkrNEk60fA7jkFF9j5dBKOalY1:Kjy+bnr+np0yN90QE6fAHsF3B
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Create or Modify System Process 1
Windows Service 1