General
- Target: 92f2db74da95791ef892f321151fe8f2c7f0f71f3d2b9abc8a546272e82d4005
- Size: 724KB
- Sample: 241108-krddda1rfj
- MD5: f44e1ea4817e82e773277470fd6f65db
- SHA1: 6b061fba83d0a38406cecc460d77b0a9b7fd8712
- SHA256: 92f2db74da95791ef892f321151fe8f2c7f0f71f3d2b9abc8a546272e82d4005
- SHA512: c63d1274a1703d22ede163eb6e969d26839dd3d0af49d7f899c4ebe4dbf288b64d2f5d17ccde4bb2449768b0a0e408f68316e2d50642b07724c077a6895f64ce
- SSDEEP: 12288:SMrEy90IU3YBib4rjqkkR7crrX4gr/xxncA1K9A+gPiZ1urIVCF6v:CykYhSlOXhr/Dnc2K6jS1hVCFI
Static task: static1
Behavioral task: behavioral1
- Sample: 92f2db74da95791ef892f321151fe8f2c7f0f71f3d2b9abc8a546272e82d4005.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
- fukia
- 193.233.20.13:4136
- auth_value: e5783636fbd9e4f0cf9a017bce02e67e
Targets
- Target: 92f2db74da95791ef892f321151fe8f2c7f0f71f3d2b9abc8a546272e82d4005
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)