General
-
Target
f9a469fbee74f07a6e406c415cd555fb0670efd7c878718efba87b7e5892f5b6
-
Size
688KB
-
Sample
241109-epy96sxdnj
-
MD5
98ed66fc95ebf595e311dd0249832d2f
-
SHA1
333b871f4a6ea5029d554f7256c981af4aada1e0
-
SHA256
f9a469fbee74f07a6e406c415cd555fb0670efd7c878718efba87b7e5892f5b6
-
SHA512
46696d765721765312c8a97b1ee294cfac708eab3acf8a79a964d8a48b0e7a0bfefe15cabf37730638e0622052db6a2f0535ff019cbf5d77059ba9e09537a357
-
SSDEEP
12288:YMrCy90MDMGiOG25tG0UBGb502/xDH4D5wzPfcEySufUdu1/:qyV4VOGkG03yaxDH4MPwk0/
Static task
static1
Behavioral task
behavioral1
Sample
f9a469fbee74f07a6e406c415cd555fb0670efd7c878718efba87b7e5892f5b6.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
vint
193.233.20.30:4125
-
auth_value
fb8811912f8370b3d23bffda092d88d0
Targets
-
Target
f9a469fbee74f07a6e406c415cd555fb0670efd7c878718efba87b7e5892f5b6
-
Size
688KB
-
MD5
98ed66fc95ebf595e311dd0249832d2f
-
SHA1
333b871f4a6ea5029d554f7256c981af4aada1e0
-
SHA256
f9a469fbee74f07a6e406c415cd555fb0670efd7c878718efba87b7e5892f5b6
-
SHA512
46696d765721765312c8a97b1ee294cfac708eab3acf8a79a964d8a48b0e7a0bfefe15cabf37730638e0622052db6a2f0535ff019cbf5d77059ba9e09537a357
-
SSDEEP
12288:YMrCy90MDMGiOG25tG0UBGb502/xDH4D5wzPfcEySufUdu1/:qyV4VOGkG03yaxDH4MPwk0/
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1