General
- Target: fd2d4510391ae0529ee97dae6ae67fd091da5b60d01e486d2e64e27f3b4032e7
- Size: 479KB
- Sample: 241109-d7m47awlcx
- MD5: 771909845d3033090d3cdb3e693eced5
- SHA1: aff65e58f634111d08bfec994299933e0477e03a
- SHA256: fd2d4510391ae0529ee97dae6ae67fd091da5b60d01e486d2e64e27f3b4032e7
- SHA512: 70459be7cb56f46755c744cdbc948767bc3b1b7dd3f06963e2b8ea0ce5095973fa04662402dd6f19c9dc59e9d59e90566aabf7d61c0a8c8b7d25bf5ade0e6b13
- SSDEEP: 6144:Kdy+bnr+Wp0yN90QEhtjzrZyH4MDtIA/1DhueIfMWY4acdvGuQ3S4rwhM0G3ljAW:/Mray90JtyYeZg04aoas7GqiDXBa7O
Static task: static1
Behavioral task: behavioral1
- Sample: fd2d4510391ae0529ee97dae6ae67fd091da5b60d01e486d2e64e27f3b4032e7.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: madis
- C2: 217.196.96.101:4132
- auth_value: f0f6957979665a81f596383c31a1c944
Targets
- Target: fd2d4510391ae0529ee97dae6ae67fd091da5b60d01e486d2e64e27f3b4032e7
- Size: 479KB
- MD5: 771909845d3033090d3cdb3e693eced5
- SHA1: aff65e58f634111d08bfec994299933e0477e03a
- SHA256: fd2d4510391ae0529ee97dae6ae67fd091da5b60d01e486d2e64e27f3b4032e7
- SHA512: 70459be7cb56f46755c744cdbc948767bc3b1b7dd3f06963e2b8ea0ce5095973fa04662402dd6f19c9dc59e9d59e90566aabf7d61c0a8c8b7d25bf5ade0e6b13
- SSDEEP: 6144:Kdy+bnr+Wp0yN90QEhtjzrZyH4MDtIA/1DhueIfMWY4acdvGuQ3S4rwhM0G3ljAW:/Mray90JtyYeZg04aoas7GqiDXBa7O
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)