General
Target: bbab756a651452546f2bd4ad61c3f2c17a551bf8bc2c2b3803543ea9d7d457e4
Size: 537KB
Sample: 241109-emfp2sxcnf
MD5: 73ceffbee9ccc29d31ec00c7d88f8863
SHA1: c0b975cbeb07000b7eb76b88c6b5d7c05301a79e
SHA256: bbab756a651452546f2bd4ad61c3f2c17a551bf8bc2c2b3803543ea9d7d457e4
SHA512: 2668b5eda1009f6c89fca3dd95c05fee68bc1d258182af0bbde601a0a2f6c2b4e3bd428c74246c6bd5239202f046008fd209d00b8d9344c96c7cd2d85704d9da
SSDEEP: 12288:DMr+y90XPZD62EkQuRn99pt/I3C5J/wGs0NugF:VyM629QW99pt/I3+BLjBF
Static task: static1
Behavioral task: behavioral1
Sample: bbab756a651452546f2bd4ad61c3f2c17a551bf8bc2c2b3803543ea9d7d457e4.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
Target: bbab756a651452546f2bd4ad61c3f2c17a551bf8bc2c2b3803543ea9d7d457e4 (537KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)