General
Target: f939de41d60e9ef1e646d190af302ca2af8a655654401663fb29e8f2b3283d74
Size: 479KB
Sample: 241109-d8tclazjgm
MD5: 34e51b84923881c0f11ec47a682ea45a
SHA1: 55d3f53354c61e4fb6d806e44bf2829034df7095
SHA256: f939de41d60e9ef1e646d190af302ca2af8a655654401663fb29e8f2b3283d74
SHA512: 6514ab63df62c592b8c6a8f991e6e6bbf2a97bfeb663ef67b8c2d482a1b04ceefff59b05f355adf749541e2bec73a57970738196eaa5db0d507a4124f9f4316b
SSDEEP: 12288:CMrOy902Ep7gZp7JuisHO0KVZimw8x0/whs9hZ:IylZp7Juif0KPigJh6
Static task: static1
Behavioral task: behavioral1
Sample: f939de41d60e9ef1e646d190af302ca2af8a655654401663fb29e8f2b3283d74.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: dona
C2: 217.196.96.101:4132
auth_value: 9fbb198992bbc83a84ab1f21384813e3
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)