General
Target: 37cb004ef871f12d268a7bde1fd7ec2f5d06eb57b3aef8873e6cc6796b2faecf
Size: 525KB
Sample: 241109-f1847axpfz
MD5: 4f6a764fd6e0922672139a4c6578f025
SHA1: 4cd4a139668f1fc13a02ac0665e2816d96f44222
SHA256: 37cb004ef871f12d268a7bde1fd7ec2f5d06eb57b3aef8873e6cc6796b2faecf
SHA512: 79b49e8eca6b19a4952ca84b764c0f047c6d1bf38897facfd10f7c039ea9a93a06595031f741649239197efd8b320dbf67fdbeb1b61594f667fb987deebce7d4
SSDEEP: 6144:K2y+bnr+rp0yN90QEBgQcrZSV8HQjcRpO2Bn6XONH7HkAZ7EUFYxePWkuIroJgN+:aMrby90njcroV8HQQe87k4N+zJIhf09
Static task: static1
Behavioral task: behavioral1
Sample: 37cb004ef871f12d268a7bde1fd7ec2f5d06eb57b3aef8873e6cc6796b2faecf.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: 37cb004ef871f12d268a7bde1fd7ec2f5d06eb57b3aef8873e6cc6796b2faecf
Size: 525KB
MD5: 4f6a764fd6e0922672139a4c6578f025
SHA1: 4cd4a139668f1fc13a02ac0665e2816d96f44222
SHA256: 37cb004ef871f12d268a7bde1fd7ec2f5d06eb57b3aef8873e6cc6796b2faecf
SHA512: 79b49e8eca6b19a4952ca84b764c0f047c6d1bf38897facfd10f7c039ea9a93a06595031f741649239197efd8b320dbf67fdbeb1b61594f667fb987deebce7d4
SSDEEP: 6144:K2y+bnr+rp0yN90QEBgQcrZSV8HQjcRpO2Bn6XONH7HkAZ7EUFYxePWkuIroJgN+:aMrby90njcroV8HQQe87k4N+zJIhf09
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)