General
Target: 8fcf12f308c0e56a38957f3da25cd5898dd850c7915803337e7539e745273817
Size: 1.5MB
Sample: 241109-d8frhawldw
MD5: d72da8192b8c7260aba00316ac044665
SHA1: 5183d8db1fccd555eb22ecb7f4e5ad13329a6b4d
SHA256: 8fcf12f308c0e56a38957f3da25cd5898dd850c7915803337e7539e745273817
SHA512: 435736465dff4558a814288b42fc6e2884dc66b200adf901d2e989e411302245168ddc2697609714bd4121c577d087f107df99516c6033f9736c92f982b57798
SSDEEP: 24576:2yVMK2JNvdVGkgQiytttTbTTbgimiOeeyq6G8tTpYnG/S1v8cPtTodbpTzOmPSAO:FL2FV0Qiyntn0BiOeUDGwloFdOmP1
Static task: static1
Behavioral task: behavioral1
Sample: 8fcf12f308c0e56a38957f3da25cd5898dd850c7915803337e7539e745273817.exe
Resource: win10v2004-20241007-en
Malware Config (extracted)
Family: redline
Botnet: maxbi
C2: 185.161.248.73:4164
auth_value: 6aa7dba884fe45693dfa04c91440daef
Targets
Target: 8fcf12f308c0e56a38957f3da25cd5898dd850c7915803337e7539e745273817
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)