General
-
Target
0dd54f2d7b897be97ad8ba1af5d8038221fea9163dc73a79c30a44a6270657cb
-
Size
1.2MB
-
Sample
241109-edzfssxarh
-
MD5
7145de3821650c7d61d6213d70d1aa64
-
SHA1
51d915a6a7d04fd24168dbe92363d8645a674c3d
-
SHA256
0dd54f2d7b897be97ad8ba1af5d8038221fea9163dc73a79c30a44a6270657cb
-
SHA512
14c2eff5098b0499c22481bc8c37024460bc0e98bc5563955f293d75cc15e9cb47a8a696f19e5a919d502703388c01393e52691049857791d0e62962d421f7e1
-
SSDEEP
24576:IP68Q0hZGglqBXOSYHjlRNTeM1YCXLlW//bVyFqb:IVQ0hrlqB5YD3+nbgq
Static task
static1
Behavioral task
behavioral1
Sample
0dd54f2d7b897be97ad8ba1af5d8038221fea9163dc73a79c30a44a6270657cb.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
0dd54f2d7b897be97ad8ba1af5d8038221fea9163dc73a79c30a44a6270657cb.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Targets
-
-
Target
0dd54f2d7b897be97ad8ba1af5d8038221fea9163dc73a79c30a44a6270657cb
-
Size
1.2MB
-
MD5
7145de3821650c7d61d6213d70d1aa64
-
SHA1
51d915a6a7d04fd24168dbe92363d8645a674c3d
-
SHA256
0dd54f2d7b897be97ad8ba1af5d8038221fea9163dc73a79c30a44a6270657cb
-
SHA512
14c2eff5098b0499c22481bc8c37024460bc0e98bc5563955f293d75cc15e9cb47a8a696f19e5a919d502703388c01393e52691049857791d0e62962d421f7e1
-
SSDEEP
24576:IP68Q0hZGglqBXOSYHjlRNTeM1YCXLlW//bVyFqb:IVQ0hrlqB5YD3+nbgq
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1