General
Target: 01eceb13b183fe1392f1fd80e4ccca88e5eb638939f035e59355cab00189c215
Size: 483KB
Sample: 241108-jpdqpaydng
MD5: 538805f63bc42c686fa60f64e25e72d0
SHA1: 6923f881b607f3ad04723ea0b0bff7ac7b92b159
SHA256: 01eceb13b183fe1392f1fd80e4ccca88e5eb638939f035e59355cab00189c215
SHA512: c8cebe11c3bda3a30c078bb35ec5a70d859870a9a7336556eeac142ca2140a92b699e8c9e51bcf614bf3c5af6e7c5b2eddec83f98101e3003cd5b9c0dce838e3
SSDEEP: 12288:pMrCy90O0RPdY/WVy9ydiJOVxL023gW4wsj0ve3sj:Ty10RPu+VwSiJWLXZ4KG8j
Static task: static1
Behavioral task: behavioral1
Sample: 01eceb13b183fe1392f1fd80e4ccca88e5eb638939f035e59355cab00189c215.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
fukia
193.233.20.13:4136
auth_value: e5783636fbd9e4f0cf9a017bce02e67e
Targets
Target: 01eceb13b183fe1392f1fd80e4ccca88e5eb638939f035e59355cab00189c215
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)