General
Target: 7cb243cfd862dcaa577c0b27aba20f29bb3cb62ba984c848e11c100747ca3b21
Size: 686KB
Sample: 241109-d6twcawhnc
MD5: f9ea5beb4cb299e6e0157bdfc342efb5
SHA1: b4fbd24f67c428b071871d6f1cc7fb37895f3259
SHA256: 7cb243cfd862dcaa577c0b27aba20f29bb3cb62ba984c848e11c100747ca3b21
SHA512: 5c53be0dccc36d5d0c62d3c12e91012802f9edc9c9dda501f62bc1127d5675911d265d50de2c4d7ce24c7e96acafe39b61b867a76b5adad2092baffec8afaab8
SSDEEP: 12288:XMrNy90v3hFzzEA5Hbp8vI1sPa8jbdlLpgpGMjyKmccl0VLT5:uyshlhWI1sPa8jbdlLp23WqVf5
Static task: static1
Behavioral task: behavioral1
Sample: 7cb243cfd862dcaa577c0b27aba20f29bb3cb62ba984c848e11c100747ca3b21.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
sony
193.233.20.33:4125
auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4
Targets
- Detects Healer an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)