General
Target: 3348870bf55e555bf933ed84d8e5a6b8b15db45852d26750873514a337979b5c
Size: 481KB
Sample: 241109-ejj83azlfr
MD5: d2733a12ae7654140128e69465d829ef
SHA1: fe1a959f48a9972963c0c95c7aa37f61826ec1eb
SHA256: 3348870bf55e555bf933ed84d8e5a6b8b15db45852d26750873514a337979b5c
SHA512: 6ac182e94afb244e3656a2149382c406fc6c98a4aca0573cf482f546dba7f61b692042d0567550bf4fba4ae349009fea30d3c2323f44e9a5360c6aebd29ba204
SSDEEP: 12288:RMrry90k2Qci1BLe0oIu2sXtAkv0ZlWSFs:iy32jeRJoHckv0nW4s
Static task: static1
Behavioral task: behavioral1
Sample: 3348870bf55e555bf933ed84d8e5a6b8b15db45852d26750873514a337979b5c.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: misfa
C2: 217.196.96.101:4132
Attributes
auth_value: be2e6d9f1a5e54a81340947b20e561c1
Targets
Target: 3348870bf55e555bf933ed84d8e5a6b8b15db45852d26750873514a337979b5c
Size: 481KB
MD5: d2733a12ae7654140128e69465d829ef
SHA1: fe1a959f48a9972963c0c95c7aa37f61826ec1eb
SHA256: 3348870bf55e555bf933ed84d8e5a6b8b15db45852d26750873514a337979b5c
SHA512: 6ac182e94afb244e3656a2149382c406fc6c98a4aca0573cf482f546dba7f61b692042d0567550bf4fba4ae349009fea30d3c2323f44e9a5360c6aebd29ba204
SSDEEP: 12288:RMrry90k2Qci1BLe0oIu2sXtAkv0ZlWSFs:iy32jeRJoHckv0nW4s
Signatures
- Detects Healer an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)