General
Target: 588ce8eac00efa91f56fcc8187aaae9168edde5b6189666caa9fb1cbc2f1f50e
Size: 477KB
Sample: 241109-17av7atdma
MD5: 70a07a89c3f372bff95e5c065a200844
SHA1: effe6284520bdb76fd69f64c5ede49e06e2f81ca
SHA256: 588ce8eac00efa91f56fcc8187aaae9168edde5b6189666caa9fb1cbc2f1f50e
SHA512: 891bcbb0deab0f648e413a3fd5964e92d504e7f6faaa73def81901ac0430d47cbc65e4b326b798399f9a8a7a322a74b267fe86e01bb5e6e3e67cc8ed098e45a5
SSDEEP: 6144:K3y+bnr+9p0yN90QE5YMvvVUIq/GM1zElJMtJ9IquAtNxb0K48lVBhgXb5Cv:RMrJy90/vvVmGM1YJMvGtU4iwYv
Static task: static1
Behavioral task: behavioral1
Sample: 588ce8eac00efa91f56fcc8187aaae9168edde5b6189666caa9fb1cbc2f1f50e.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
fusa
193.233.20.12:4132
auth_value: a08b2f01bd2af756e38c5dd60e87e697
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)