General
Target: 9cb4b3a08695850069dd4e0b3f192223dacb3a3b894e59c305b8c57cc4d3a6d4
Size: 386KB
Sample: 241109-emsplswpdv
MD5: 50417c8bd12936f328ebc70c381b442a
SHA1: ea565ce608235cb0680167896fe032e92c7dd7c7
SHA256: 9cb4b3a08695850069dd4e0b3f192223dacb3a3b894e59c305b8c57cc4d3a6d4
SHA512: f10de4fa484603db459ab617a0889cc7ca432f2a8166cb88eeb930df656dd44ab2fa0c65236aca6343be57b691c4bcf6da5c0ede3d13e6f3056fae3a65e0e0b1
SSDEEP: 6144:Kxy+bnr+3p0yN90QEaCemQ4pGsl2aRpjf2nJV2h2/enwArs7V/Mpxgpxy0:PMr/y90cCeruTir2hmfx/2Kp/
Static task: static1
Behavioral task: behavioral1
Sample: 9cb4b3a08695850069dd4e0b3f192223dacb3a3b894e59c305b8c57cc4d3a6d4.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: fud
C2: 193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: 9cb4b3a08695850069dd4e0b3f192223dacb3a3b894e59c305b8c57cc4d3a6d4
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1): Windows Service (1)