General
-
Target
ef049689f669217e6b30dc5039dc4b7c8bec08159baaeadc71a23f202b7b1de2
-
Size
926KB
-
Sample
241109-f4rz3sydpb
-
MD5
1abf7a59b232db7fd13da75c7a03984b
-
SHA1
b57c582cbb06bb48a862235146887577ff67b9fd
-
SHA256
ef049689f669217e6b30dc5039dc4b7c8bec08159baaeadc71a23f202b7b1de2
-
SHA512
1438f2bfa2452f43fead7591cb2ffb0554bd1faea71749726d817edb15c3141aafb72b8e35f3399e0d4d00073a9214053fb9191fc98db29e5723c1a147f17476
-
SSDEEP
24576:byylyMZxt8Ylj5e2ktZLjKalr8qfMCVNr+w:O2e2gvKalrNXNr+
Static task
static1
Behavioral task
behavioral1
Sample
ef049689f669217e6b30dc5039dc4b7c8bec08159baaeadc71a23f202b7b1de2.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
norm
77.91.124.145:4125
-
auth_value
1514e6c0ec3d10a36f68f61b206f5759
Extracted
redline
dezik
77.91.124.145:4125
-
auth_value
afab3a79f84bd5003ef2824211bcf14e
Targets
-
-
Target
ef049689f669217e6b30dc5039dc4b7c8bec08159baaeadc71a23f202b7b1de2
-
Size
926KB
-
MD5
1abf7a59b232db7fd13da75c7a03984b
-
SHA1
b57c582cbb06bb48a862235146887577ff67b9fd
-
SHA256
ef049689f669217e6b30dc5039dc4b7c8bec08159baaeadc71a23f202b7b1de2
-
SHA512
1438f2bfa2452f43fead7591cb2ffb0554bd1faea71749726d817edb15c3141aafb72b8e35f3399e0d4d00073a9214053fb9191fc98db29e5723c1a147f17476
-
SSDEEP
24576:byylyMZxt8Ylj5e2ktZLjKalr8qfMCVNr+w:O2e2gvKalrNXNr+
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1