General
- Target: bb98692a8b6fd7a529954c68ff02d85a5fe812d395881ad3b77c627e61bb70ec
- Size: 560KB
- Sample: 241109-ense8szmgj
- MD5: e6399b2d2c2a4f9962dc96d6d53cbacc
- SHA1: 2fdaae0921a61fb518c3507fe8a87d82efc253ba
- SHA256: bb98692a8b6fd7a529954c68ff02d85a5fe812d395881ad3b77c627e61bb70ec
- SHA512: 59c75d370641ff33b75fd93a6616451ccd26857eaa3a63f645e52b8a710eb810f4c8ac81403c85f12f6d0ce9a6f6b3995a4433a6e4769b0600e50aa258502acf
- SSDEEP: 12288:9MrIy90IaNvtBk2nzvzpk6xD7TaD4y9b++G0SA3B8h:Vyl4FBk2zvzpkaD7TaDL9bjHv+
Static task: static1
Behavioral task: behavioral1
- Sample: bb98692a8b6fd7a529954c68ff02d85a5fe812d395881ad3b77c627e61bb70ec.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- fud
- 193.233.20.27:4123
- auth_value: cddc991efd6918ad5321d80dac884b40
Targets
- Target: bb98692a8b6fd7a529954c68ff02d85a5fe812d395881ad3b77c627e61bb70ec
- Size: 560KB
- MD5: e6399b2d2c2a4f9962dc96d6d53cbacc
- SHA1: 2fdaae0921a61fb518c3507fe8a87d82efc253ba
- SHA256: bb98692a8b6fd7a529954c68ff02d85a5fe812d395881ad3b77c627e61bb70ec
- SHA512: 59c75d370641ff33b75fd93a6616451ccd26857eaa3a63f645e52b8a710eb810f4c8ac81403c85f12f6d0ce9a6f6b3995a4433a6e4769b0600e50aa258502acf
- SSDEEP: 12288:9MrIy90IaNvtBk2nzvzpk6xD7TaD4y9b++G0SA3B8h:Vyl4FBk2zvzpkaD7TaDL9bjHv+
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)