General

Target: 86926cd9319ebf8e5767a7612dafdb78fd1b4eed0f5b4f16bc86036a5a81fc35
Size: 776KB
Sample: 241109-fq7hls1ldq
MD5: 3f93bee8b05a165fdd2fc4a584df9323
SHA1: a4a3a73982901fa98438c74690f9ac86044603ba
SHA256: 86926cd9319ebf8e5767a7612dafdb78fd1b4eed0f5b4f16bc86036a5a81fc35
SHA512: 121fb29d3107880128273abe59d4ec210571b105df0fe149c4b513ac60228130396371632c8e78cc256b43f3322b3e82cabf80980919bad7e4c56189df22df90
SSDEEP: 12288:1MrNy90BGypQXXJFrOCM9eM1X6W8jSk372Bg071LVSNYNNU5ifzOUMALSvdU4m:8ySAp0gUX38dl0xLwYs5IzOfALSVRm
Static task: static1
Behavioral task: behavioral1
Sample: 86926cd9319ebf8e5767a7612dafdb78fd1b4eed0f5b4f16bc86036a5a81fc35.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets

Target: 86926cd9319ebf8e5767a7612dafdb78fd1b4eed0f5b4f16bc86036a5a81fc35 (776KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
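The indicators and behavioural signatures in this report (the sample hashes, the RedLine C2 at 193.233.20.30:4125, "Executes dropped EXE" and "Adds Run key to start application") turned into a small hunting routine. This is an added example, not part of the sandbox report and not vendor tooling: the event records are constructed in a Sysmon-like shape, their field names (type, image, sha256, key, data, dst_ip, dst_port) are assumptions, and the user-writable-path heuristic for Run key values is mine, not a signature from the report.

```python
"""Hunt for the report's indicators in endpoint telemetry.
Added example, not part of the sandbox report. Event records are constructed;
field names are assumptions modelled on Sysmon process/file/registry/network events."""
import re
from typing import Dict, List, Tuple

# Indicators copied from the report
IOC_SHA256 = {"86926cd9319ebf8e5767a7612dafdb78fd1b4eed0f5b4f16bc86036a5a81fc35"}
IOC_MD5 = {"3f93bee8b05a165fdd2fc4a584df9323"}
IOC_C2 = {("193.233.20.30", 4125)}

# ...\Software\Microsoft\Windows\CurrentVersion\Run or RunOnce, any hive prefix
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$", re.I
)
# Paths a non-admin dropper can write to; a Run value pointing here is the
# usual shape of this persistence (heuristic, assumption)
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\|users\\public\\|programdata\\|windows\\temp\\)", re.I
)


def check_hash(ev: Dict) -> List[str]:
    """Exact-hash match against the report sample (MD5 kept for sources that log only MD5)."""
    hits = []
    if ev.get("sha256", "").lower() in IOC_SHA256:
        hits.append("sha256 matches report sample")
    if ev.get("md5", "").lower() in IOC_MD5:
        hits.append("md5 matches report sample")
    return hits


def check_c2(ev: Dict) -> List[str]:
    """Exact IP:port match against the extracted RedLine C2."""
    if ev.get("type") != "network":
        return []
    if (ev.get("dst_ip"), ev.get("dst_port")) in IOC_C2:
        return [f"connection to RedLine C2 {ev['dst_ip']}:{ev['dst_port']}"]
    return []


def check_run_key(ev: Dict) -> List[str]:
    """Flag Run/RunOnce value writes; escalate when the target lives in a user-writable path."""
    if ev.get("type") != "registry_set" or not RUN_KEY_RE.search(ev.get("key", "")):
        return []
    target = ev.get("data", "").strip('"')
    if USER_WRITABLE_RE.match(target):
        return [f"Run key persistence to user-writable path: {target}"]
    return [f"Run key write (review): {target}"]


def hunt(events: List[Dict]) -> List[Tuple[int, str]]:
    """Return (event index, reason) pairs. Correlates file_create with a later
    process_create of the same path to reproduce the "Executes dropped EXE" signature."""
    findings = []
    dropped = set()
    for i, ev in enumerate(events):
        if ev.get("type") == "file_create" and ev.get("path", "").lower().endswith(".exe"):
            dropped.add(ev["path"].lower())
        if ev.get("type") == "process_create" and ev.get("image", "").lower() in dropped:
            findings.append((i, f"executes dropped EXE: {ev['image']}"))
        for reason in check_hash(ev) + check_c2(ev) + check_run_key(ev):
            findings.append((i, reason))
    return findings


SAMPLE_EVENTS = [  # constructed telemetry, not from the report
    {"type": "process_create",
     "image": r"C:\Users\victim\Downloads\86926cd9319ebf8e5767a7612dafdb78fd1b4eed0f5b4f16bc86036a5a81fc35.exe",
     "sha256": "86926cd9319ebf8e5767a7612dafdb78fd1b4eed0f5b4f16bc86036a5a81fc35"},
    {"type": "file_create", "path": r"C:\Users\victim\AppData\Local\Temp\svchost_upd.exe"},
    {"type": "process_create", "image": r"C:\Users\victim\AppData\Local\Temp\svchost_upd.exe",
     "sha256": "0000000000000000000000000000000000000000000000000000000000000000"},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\victim\AppData\Local\Temp\svchost_upd.exe"},
    {"type": "network", "dst_ip": "193.233.20.30", "dst_port": 4125},
    {"type": "registry_set", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "data": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"type": "network", "dst_ip": "8.8.8.8", "dst_port": 53},
]

if __name__ == "__main__":
    for idx, reason in hunt(SAMPLE_EVENTS):
        print(idx, reason)
```

The hash and C2 checks are exact, so they catch this sample and this campaign's server only; the dropped-EXE correlation and the Run key check are behavioural and will keep firing on repacked builds and rotated infrastructure, which is why a practitioner keeps both kinds in the same hunt.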