General
-
Target
a1fb9345cd1f7bcd8a5b32d7fa1c698e7eed0e4d7562662fb7531bd14b7a70c1
-
Size
1.5MB
-
Sample
241109-flp3rsyamh
-
MD5
ae01edfc304f7698d6626d91fe4c163c
-
SHA1
cc81b7959e19442475fead43e27ec99edd5a253b
-
SHA256
a1fb9345cd1f7bcd8a5b32d7fa1c698e7eed0e4d7562662fb7531bd14b7a70c1
-
SHA512
4a4186eec617132648659e272e2d84e92b6ca7e3189875feaadec3c5b152143baafc650a68b2f92a58dd87f4747d5c8f22c7ccac5e89e1efafcc1c825d6e3395
-
SSDEEP
24576:1yTF7Y83bJ+ZhcTbTU01kkE3qYODomnh5C/zTS3z5A3AEd+jQoBjIEeJGLzLp20:QBM83khcXY3kEgP3JEd+xIlGHLp
Static task
static1
Behavioral task
behavioral1
Sample
a1fb9345cd1f7bcd8a5b32d7fa1c698e7eed0e4d7562662fb7531bd14b7a70c1.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
max
185.161.248.73:4164
-
auth_value
efb1499709a5d08ed1ddf71cff71211f
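The hashes in the General section and the C2 endpoint in the extracted config are the indicators a responder would take from this report. The script below is an added example, not part of the sandbox report: it computes the four file digests in one pass and matches them against the report's values, and it scans connection-log lines for flows to the extracted RedLine C2. The log format ("<ts> <src>:<sport> -> <dst>:<dport>") and the log lines themselves are constructed for the example; SSDEEP is not computed here because it needs the ssdeep library, and the IOC values are copied from the report above.

```python
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "ae01edfc304f7698d6626d91fe4c163c",
    "sha1": "cc81b7959e19442475fead43e27ec99edd5a253b",
    "sha256": "a1fb9345cd1f7bcd8a5b32d7fa1c698e7eed0e4d7562662fb7531bd14b7a70c1",
    "sha512": "4a4186eec617132648659e272e2d84e92b6ca7e3189875feaadec3c5b152143baafc650a68b2f92a58dd87f4747d5c8f22c7ccac5e89e1efafcc1c825d6e3395",
}
C2_ENDPOINTS = {("185.161.248.73", 4164)}
C2_HOSTS = {ip for ip, _ in C2_ENDPOINTS}


def hash_stream(chunks):
    """Feed an iterable of byte chunks through all four digests in a single pass."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path):
    """Hash a file on disk in 1 MiB chunks (so large droppers do not load into memory)."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(1 << 20), b""))


def matching_digests(digests):
    """Names of the digests equal to the report's values (normally all or none)."""
    return sorted(n for n, v in digests.items() if v.lower() == SAMPLE_HASHES[n])


# Constructed connection-log lines (not from the report): "<ts> <src>:<sport> -> <dst>:<dport>".
# 203.0.113.10 is a documentation-range address standing in for ordinary traffic.
SAMPLE_LOG = """\
2024-11-09T14:02:11Z 10.0.0.23:51322 -> 185.161.248.73:4164
2024-11-09T14:02:12Z 10.0.0.23:51323 -> 203.0.113.10:443
2024-11-09T14:02:15Z 10.0.0.40:40011 -> 185.161.248.73:80
"""
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def c2_hits(log_text, ip_only=False):
    """Return (timestamp, source IP) for every flow to the extracted C2.

    By default the full ip:port pair must match. ip_only=True also reports
    traffic to the same host on another port, which catches a rotated C2 port
    at the cost of more false positives on shared hosting.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        if ip_only:
            flagged = m["dst"] in C2_HOSTS
        else:
            flagged = (m["dst"], int(m["dport"])) in C2_ENDPOINTS
        if flagged:
            hits.append((m["ts"], m["src"]))
    return hits


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        print(path, matching_digests(hash_file(path)) or "no match")
    for ts, src in c2_hits(SAMPLE_LOG, ip_only=True):
        print("C2 contact", ts, "from", src)
```

Run it with one or more file paths to check them against the report's hashes; the C2 scan over the constructed log reports the 10.0.0.23 flow on the exact port, and with ip_only=True also the 10.0.0.40 flow to the same host on port 80.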
Targets
-
Target
a1fb9345cd1f7bcd8a5b32d7fa1c698e7eed0e4d7562662fb7531bd14b7a70c1
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
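The "Adds Run key to start application" signature and the Registry Run Keys technique above describe the persistence a responder would look for on a suspected host. The script below is an added example, not part of the report: it parses the text produced by `reg export` for the HKCU and HKLM Run keys and flags entries whose executable sits in a user-writable directory or carries a Windows system binary name outside \Windows\. The .reg text, the value names and the paths in it are constructed for the example; the report does not state which Run key value or path this sample writes.

```python
import re
from pathlib import PureWindowsPath

# Constructed `reg export` output (not from the report): two benign entries and one
# hypothetical persistence entry of the kind the "Adds Run key" signature describes.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Local\\Temp\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

# Directories an unprivileged user can write to; a Run entry pointing here deserves a look.
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)
# Names that belong under \Windows\; the same name anywhere else is masquerading.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}


def unescape_reg(data):
    """Undo .reg string escaping: a backslash escapes the character after it."""
    return re.sub(r"\\(.)", r"\1", data)


def exe_path(command):
    """Pull the executable out of a Run command line: quoted path, else first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:] if end == -1 else command[1:end]
    return command.split(" ", 1)[0]


def parse_run_keys(reg_text):
    """Yield (key, value_name, command) for every value under a ...\\CurrentVersion\\Run key."""
    key = None
    for line in reg_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith("\\currentversion\\run"):
            yield key, m["name"], unescape_reg(m["data"])


def audit_run_keys(reg_text):
    """Return [(key, name, path, reasons)] for entries that look like malware persistence."""
    findings = []
    for key, name, command in parse_run_keys(reg_text):
        path = exe_path(command)
        low = path.lower()
        reasons = []
        if any(d in low for d in USER_WRITABLE):
            reasons.append("executable in user-writable directory")
        if PureWindowsPath(low).name in SYSTEM_NAMES and "\\windows\\" not in low:
            reasons.append("system binary name outside \\Windows\\")
        if reasons:
            findings.append((key, name, path, reasons))
    return findings


if __name__ == "__main__":
    for key, name, path, reasons in audit_run_keys(SAMPLE_REG):
        print(f"{key}\\{name} -> {path}: {'; '.join(reasons)}")
```

On a real host, export the keys with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg /y` (and the HKLM equivalent) and feed the file's text to `audit_run_keys`. The heuristic is deliberately narrow: AppData\Local itself is not on the user-writable list because legitimate per-user installers such as OneDrive live there, so an allowlist is still needed before acting on a hit.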