General
Target: f49c561355e7df3431481b1e617cd04b5dcedbe7761f98fcc3513a3f05771087
Size: 550KB
Sample: 241109-d65ylswhrn
MD5: 34a8de151f4cc11d1132bd265411036c
SHA1: 75b3108222e34539b2cc02a0ba6efea4e0422960
SHA256: f49c561355e7df3431481b1e617cd04b5dcedbe7761f98fcc3513a3f05771087
SHA512: aae9e501f563b53d2aab9ec4f28ba3c8598522862868878f6b4beba253143cf296fe7c9862072d69ca3b43e0b2be5ba56ab1a0bf4fdf51e2c22bc3084781150f
SSDEEP: 12288:uMrFy90mMnm067bpR72y1KX2714pPAfU+uQ8OhoXGObNl2u:jyxMnm06Lqy1KX2mp4fUi8bjB
Static task: static1
Behavioral task: behavioral1
Sample: f49c561355e7df3431481b1e617cd04b5dcedbe7761f98fcc3513a3f05771087.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted:
- redline
- fud
- 193.233.20.27:4123
- auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: f49c561355e7df3431481b1e617cd04b5dcedbe7761f98fcc3513a3f05771087
Size: 550KB
MD5: 34a8de151f4cc11d1132bd265411036c
SHA1: 75b3108222e34539b2cc02a0ba6efea4e0422960
SHA256: f49c561355e7df3431481b1e617cd04b5dcedbe7761f98fcc3513a3f05771087
SHA512: aae9e501f563b53d2aab9ec4f28ba3c8598522862868878f6b4beba253143cf296fe7c9862072d69ca3b43e0b2be5ba56ab1a0bf4fdf51e2c22bc3084781150f
SSDEEP: 12288:uMrFy90mMnm067bpR72y1KX2714pPAfU+uQ8OhoXGObNl2u:jyxMnm06Lqy1KX2mp4fUi8bjB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)