General
- Target: 95bf7ca3b4ad335b601f3b60f4375870b9edbcfc9b001ebc823299346e59a67f
- Size: 672KB
- Sample: 241109-fktpkaxmav
- MD5: 27df861b21b0c5dfce9f9b85df8a0d49
- SHA1: 1cfee9646b99ed7e84187a5c657f32cc2d682990
- SHA256: 95bf7ca3b4ad335b601f3b60f4375870b9edbcfc9b001ebc823299346e59a67f
- SHA512: 175cf90719bd98167e9b4109b35c3238bdebb4dae58a44c0d17d2e5b2eb362779f63def2fe14a51ca02074145cc554a2a48111f5d21c67f2b1c79fc7cdb12ca2
- SSDEEP: 12288:NMrby909kq6734Qovq8i/wLT8EmRebus05ZNQZy8QVNEBk8gUasFA:eyakq67IOl/kos0jVNVwav
Static task: static1
Behavioral task: behavioral1
- Sample: 95bf7ca3b4ad335b601f3b60f4375870b9edbcfc9b001ebc823299346e59a67f.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- dubik
- 193.233.20.17:4139
- auth_value: 05136deb26ad700ca57d43b1de454f46
Targets
- Target: 95bf7ca3b4ad335b601f3b60f4375870b9edbcfc9b001ebc823299346e59a67f
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)