General
Target: 0fa25170b5f9df8ca97080f3348a234a3a220768c051f582118374dbd21efac1
Size: 1.0MB
Sample: 241109-1gx8sssjdy
MD5: 68eb20fea33bfcdac49e48e389271f7d
SHA1: 11074c5fb379f407e686c9881eb05ef762a8838f
SHA256: 0fa25170b5f9df8ca97080f3348a234a3a220768c051f582118374dbd21efac1
SHA512: 4fd07d943c5829160327936d96a7c6b74f473bebe0f26bba475d382e925cad19af470479515c6f6e9e8af8e97d01bf3b94346a5635f84b475b3e96b2ae3757c8
SSDEEP: 24576:Pyu8KpJ1pPQTWwSDHR9+mHQLcPHVPCdgwlA30MkObpMCIr89Xj2jk:au8Kp7p4T1Sx4ms8HVClAQObpMCXt4

Static task: static1
Behavioral task: behavioral1
Sample: 0fa25170b5f9df8ca97080f3348a234a3a220768c051f582118374dbd21efac1.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: ramon
C2: 193.233.20.23:4123
auth_value: 3197576965d9513f115338c233015b40
Targets
Target: 0fa25170b5f9df8ca97080f3348a234a3a220768c051f582118374dbd21efac1
Size: 1.0MB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)