General
Target: 91504a59ef479454ea26990f2aa5c0156be1c10e432106d10514708aca1c0744
Size: 525KB
Sample: 241109-ejenksxckl
MD5: c946f07b336a628311104730c222c80a
SHA1: 12d14d61e6c3936d420f49cde99f0940c69a182f
SHA256: 91504a59ef479454ea26990f2aa5c0156be1c10e432106d10514708aca1c0744
SHA512: 8619aefc72339af4337d37b5851c6319e9967122b1a53ae4c5f0e2a0166435845bba275a8df30dc7fdf3229cf94a39ece71e819dff683f781bae9915cb5a3408
SSDEEP: 12288:tMrjy90/rCYCVYTvH2WkJAZdYxXeKTdA:yyHYzNkAKTG
Static task: static1
Behavioral task: behavioral1
Sample: 91504a59ef479454ea26990f2aa5c0156be1c10e432106d10514708aca1c0744.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: fud
C2: 193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: 91504a59ef479454ea26990f2aa5c0156be1c10e432106d10514708aca1c0744
Size: 525KB
MD5: c946f07b336a628311104730c222c80a
SHA1: 12d14d61e6c3936d420f49cde99f0940c69a182f
SHA256: 91504a59ef479454ea26990f2aa5c0156be1c10e432106d10514708aca1c0744
SHA512: 8619aefc72339af4337d37b5851c6319e9967122b1a53ae4c5f0e2a0166435845bba275a8df30dc7fdf3229cf94a39ece71e819dff683f781bae9915cb5a3408
SSDEEP: 12288:tMrjy90/rCYCVYTvH2WkJAZdYxXeKTdA:yyHYzNkAKTG
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)