General
-
Target
cffe3194f3b9984832d5ed92f88f9073548f94ee45f07b189c8f073074f8bb00
-
Size
753KB
-
Sample
241109-emq6saxcpd
-
MD5
fb13647bcaacbb515e3f0c7218fb16b9
-
SHA1
d6b8f74f0ba81454823940d871d7b65a3c05225a
-
SHA256
cffe3194f3b9984832d5ed92f88f9073548f94ee45f07b189c8f073074f8bb00
-
SHA512
9ee3719f85163dce4e4cd0822ad990dca3c0b84bcc5bfba55e888b81053afa330008cd826eb1ad21c23dea3052510923ea4860d938ee59a83f61e5d0762a1368
-
SSDEEP
12288:cMroy90CAO6RyT+eQRlPyF0ROPd/x9jg7uNdDfeHyS6SRSzSnOjYp0HOOxgACO1:kyjletZqZjg6D2Hytg6SnOUpPdAN1
Static task
static1
Behavioral task
behavioral1
Sample
cffe3194f3b9984832d5ed92f88f9073548f94ee45f07b189c8f073074f8bb00.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mars
83.97.73.127:19045
-
auth_value
91bd3682cfb50cdc64b6009eb977b766
Targets
-
-
Target
cffe3194f3b9984832d5ed92f88f9073548f94ee45f07b189c8f073074f8bb00
-
Size
753KB
-
MD5
fb13647bcaacbb515e3f0c7218fb16b9
-
SHA1
d6b8f74f0ba81454823940d871d7b65a3c05225a
-
SHA256
cffe3194f3b9984832d5ed92f88f9073548f94ee45f07b189c8f073074f8bb00
-
SHA512
9ee3719f85163dce4e4cd0822ad990dca3c0b84bcc5bfba55e888b81053afa330008cd826eb1ad21c23dea3052510923ea4860d938ee59a83f61e5d0762a1368
-
SSDEEP
12288:cMroy90CAO6RyT+eQRlPyF0ROPd/x9jg7uNdDfeHyS6SRSzSnOjYp0HOOxgACO1:kyjletZqZjg6D2Hytg6SnOUpPdAN1
-
Detects Healer, an antivirus-disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
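The signatures above (known sample hash, a dropped EXE executed by the sample, a Run key added for persistence, and the RedLine C2 from the extracted config) are the kind of indicators a defender turns into detection logic. The following is an added example, not part of the sandbox report or of any vendor tooling: it runs those indicators over a handful of constructed, Sysmon-style event records. The hash, C2 address and port are copied from the report; the event layout, field names, paths and the dropped-file name `svc_update.exe` are assumptions made for illustration.

```python
from dataclasses import dataclass

# Indicators copied from the sandbox report.
SAMPLE_SHA256 = "cffe3194f3b9984832d5ed92f88f9073548f94ee45f07b189c8f073074f8bb00"
C2_HOST = "83.97.73.127"
C2_PORT = 19045

# Autostart locations behind ATT&CK T1547.001 (Registry Run Keys / Startup Folder).
# Matched as substrings of the lower-cased registry path so that HKCU, HKLM,
# HKU\<SID> and the Wow6432Node view are all covered; the trailing backslash
# keeps "Run\<value>" from also matching unrelated keys such as "RunServices".
RUN_KEY_MARKERS = (
    "\\currentversion\\run\\",
    "\\currentversion\\runonce\\",
)


@dataclass
class Finding:
    technique: str   # short label for the indicator that fired
    event_id: int    # Sysmon event ID the finding came from
    detail: str


def is_run_key(target_object: str) -> bool:
    """True if a registry value path sits under a Run/RunOnce autostart key."""
    path = target_object.lower()
    return any(marker in path for marker in RUN_KEY_MARKERS)


def analyse(events):
    """Apply the report's indicators to Sysmon-style event dicts; return Findings."""
    findings = []
    sample_images = set()  # paths at which the known sample has been seen executing
    for e in events:
        eid = e["EventID"]
        if eid == 1:  # process create
            image = e["Image"]
            if e.get("Hashes", {}).get("SHA256", "").lower() == SAMPLE_SHA256:
                sample_images.add(image.lower())
                findings.append(Finding("known-sample", eid, image))
            elif e.get("ParentImage", "").lower() in sample_images:
                # Heuristic for "Executes dropped EXE": a child of the known sample
                # whose hash differs. Children such as cmd.exe would fire too, so
                # in production this needs a path or signer filter.
                findings.append(Finding("dropped-exe", eid, image))
        elif eid == 13 and is_run_key(e["TargetObject"]):  # registry value set
            findings.append(Finding("T1547.001", eid, f'{e["TargetObject"]} -> {e["Details"]}'))
        elif eid == 3 and (e["DestinationIp"], int(e["DestinationPort"])) == (C2_HOST, C2_PORT):
            findings.append(Finding("C2-redline", eid, f'{e["Image"]} -> {C2_HOST}:{C2_PORT}'))
    return findings


# Constructed sample events (assumption: Sysmon field names, hypothetical paths).
_SAMPLE_PATH = r"C:\Users\victim\Downloads\cffe3194f3b9984832d5ed92f88f9073548f94ee45f07b189c8f073074f8bb00.exe"
_DROPPED_PATH = r"C:\Users\victim\AppData\Local\Temp\svc_update.exe"  # hypothetical name
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": _SAMPLE_PATH, "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": {"SHA256": SAMPLE_SHA256}},
    {"EventID": 1, "Image": _DROPPED_PATH, "ParentImage": _SAMPLE_PATH,
     "Hashes": {"SHA256": "0" * 64}},
    {"EventID": 13, "Image": _DROPPED_PATH,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": _DROPPED_PATH},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start", "Details": "2"},
    {"EventID": 3, "Image": _DROPPED_PATH, "DestinationIp": C2_HOST, "DestinationPort": "19045"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": "443"},
]


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"[{f.technique}] event {f.event_id}: {f.detail}")
```

Running the script on the constructed events yields four findings in event order: the known sample hash, the dropped EXE it spawned, the Run key that points at that EXE, and the outbound connection to the RedLine C2; the Services key write and the DNS-over-HTTPS connection are left alone.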
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
  Windows Service: 1