General
-
Target
44a196095b216d182215ed3463b85fb36b4b7c2993c987d6193c88b825d36223
-
Size
1.5MB
-
Sample
241109-eqvy5swqaw
-
MD5
7bdc672f31d18c15468a2c212e7577d1
-
SHA1
64e89a66fb93c32803c4d1c99d0473b63ef2e5e7
-
SHA256
44a196095b216d182215ed3463b85fb36b4b7c2993c987d6193c88b825d36223
-
SHA512
23ef714b838af14095a6068790b30a05e22b34fdc38e2ee0fe9e41d52e24c1f61fd881e9a3c2ab793f5cb4f23f4fe6a153e8985947df20a8807bef7355e5de48
-
SSDEEP
24576:HywjQ3sek0mtbgGopqKCL7xgbIFXxdqdAL6ckn/wpJoPU1z7PBO:Swjmst1CpIL7xgbYxdqdrcsU1PP
Static task
static1
Behavioral task
behavioral1
Sample
44a196095b216d182215ed3463b85fb36b4b7c2993c987d6193c88b825d36223.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mask
217.196.96.56:4138
-
auth_value
31aef25be0febb8e491794ef7f502c50
Targets
-
-
Target
44a196095b216d182215ed3463b85fb36b4b7c2993c987d6193c88b825d36223
-
Size
1.5MB
-
MD5
7bdc672f31d18c15468a2c212e7577d1
-
SHA1
64e89a66fb93c32803c4d1c99d0473b63ef2e5e7
-
SHA256
44a196095b216d182215ed3463b85fb36b4b7c2993c987d6193c88b825d36223
-
SHA512
23ef714b838af14095a6068790b30a05e22b34fdc38e2ee0fe9e41d52e24c1f61fd881e9a3c2ab793f5cb4f23f4fe6a153e8985947df20a8807bef7355e5de48
-
SSDEEP
24576:HywjQ3sek0mtbgGopqKCL7xgbIFXxdqdAL6ckn/wpJoPU1z7PBO:Swjmst1CpIL7xgbYxdqdrcsU1PP
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1