General
- Target: cd66c2887b7851c963038fcafa6fedf7770822fe42b82f18f3b09682883d87e8
- Size: 545KB
- Sample: 241109-fpsm3aybje
- MD5: df8c0998a330520a75f8793b8488dc0a
- SHA1: 4cfa2d61ec7814becae9860b431ceabf167cb991
- SHA256: cd66c2887b7851c963038fcafa6fedf7770822fe42b82f18f3b09682883d87e8
- SHA512: 8b69c6f84bb15a3c79115989221a12ffed30ed6219c9863b65b6ee70eb60898afcbc126480f624aabf2f98ed75841da3fae818ea018870c2de4bd83096fa441a
- SSDEEP: 12288:FMrmy90tvExVUMw3TXo5qDFW0Z7yAf9yDZyhQ:TyeuVUBTYoFW0Z7xViwhQ
Static task: static1
Behavioral task: behavioral1
- Sample: cd66c2887b7851c963038fcafa6fedf7770822fe42b82f18f3b09682883d87e8.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)