General
Target: 95dc78ae9f21dfcef4ab10ca00b91b34a277009d3592083ccb8fc5952cc764ac
Size: 836KB
Sample: 241109-f2zxxaxpgz
MD5: d55787479ecb1c462831098cde2f256a
SHA1: 58f2eff68bb34a3c801523cba125bac61bc8dc3d
SHA256: 95dc78ae9f21dfcef4ab10ca00b91b34a277009d3592083ccb8fc5952cc764ac
SHA512: b222ae5e201d592926c0fb9d32bcd2c03a4108d3bbfd18def037dc187452d318504229259fa79512444b75e5c5924a46dd1d212c570cbb9be6504800d8670b55
SSDEEP: 12288:aMrZy90aNWYmvA7J12pkIs1HnchQhZ5gcxvUva0e2Why/dh3r3dtGEnPYQRJic0w:byZMAVp1HcUbbUUhKjdtnn1bicp
Static task: static1
Behavioral task: behavioral1
Sample: 95dc78ae9f21dfcef4ab10ca00b91b34a277009d3592083ccb8fc5952cc764ac.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
gena
193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1): Windows Service (1)