General
-
Target
c243e922009ec4a640266001b1b5ada386aead2262444a31c256baa7c92504ff
-
Size
531KB
-
Sample
241109-edbdzaxarb
-
MD5
651715deb67d6effd27dd6e8194154ab
-
SHA1
11e0328f2f1fb499c7cf1875f31baf058f49626b
-
SHA256
c243e922009ec4a640266001b1b5ada386aead2262444a31c256baa7c92504ff
-
SHA512
b02703e75e07d242f4d0287690d5bb9d869d170fa32f27049cd9d489b29d21d82ec327ceb37cefc5b3e1da59c454d8032bf36d9f8d8ee4dc9b620135251d4f6c
-
SSDEEP
12288:3MrBy90huyIcbrCjyuUjyl0l1gMGXtYJqscclWjI:uycIAWdWla/jsdl9
Static task
static1
Behavioral task
behavioral1
Sample
c243e922009ec4a640266001b1b5ada386aead2262444a31c256baa7c92504ff.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rulit
pedigj.eu:4162
-
auth_value
f4df9ef56871d4ac883b282abaf635e0
Targets
-
-
Target
c243e922009ec4a640266001b1b5ada386aead2262444a31c256baa7c92504ff
-
Size
531KB
-
MD5
651715deb67d6effd27dd6e8194154ab
-
SHA1
11e0328f2f1fb499c7cf1875f31baf058f49626b
-
SHA256
c243e922009ec4a640266001b1b5ada386aead2262444a31c256baa7c92504ff
-
SHA512
b02703e75e07d242f4d0287690d5bb9d869d170fa32f27049cd9d489b29d21d82ec327ceb37cefc5b3e1da59c454d8032bf36d9f8d8ee4dc9b620135251d4f6c
-
SSDEEP
12288:3MrBy90huyIcbrCjyuUjyl0l1gMGXtYJqscclWjI:uycIAWdWla/jsdl9
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1