General
Target: 8d87beb9d708dcb7cd5e0281c4c525397a8e4d60190b2569f1bf5fcca598ddf0
Size: 479KB
Sample: 241109-fn57rsyard
MD5: 7507388efa6d22fd4da4cb098ca01ad1
SHA1: 0a1e6fb1959f2d37122bca384284f87a3437f001
SHA256: 8d87beb9d708dcb7cd5e0281c4c525397a8e4d60190b2569f1bf5fcca598ddf0
SHA512: 94c62d299b513aefbda5741445cc8f9e2cb3f8a72debee8c08aefc51a674de924423b9d91a6ec1835d07c0ed0d3c6ef7850a2134c615e3ddaab11d7f941730bb
SSDEEP: 12288:gMrjy90CvwnYBu+a6wdHTHL4CioRp/cfog6Yq/:Tyanj+av5nRpC6B/
Static task: static1
Behavioral task: behavioral1
Sample: 8d87beb9d708dcb7cd5e0281c4c525397a8e4d60190b2569f1bf5fcca598ddf0.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: morty
C2: 217.196.96.101:4132
auth_value: fe1a24c211cc8e5bf9ff11c737ce0e97
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence:
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)