General
Target: 2be8fa7c6d84f8c4efdf5682c33c3d71b503ec6b7367c135e1a75495402ab070
Size: 908KB
Sample: 241109-fqhjgsyblr
MD5: d8849d08279effb603fdf0236655bb8e
SHA1: 8525858fe42b0166819dd23e35e663164bb0f664
SHA256: 2be8fa7c6d84f8c4efdf5682c33c3d71b503ec6b7367c135e1a75495402ab070
SHA512: 03b2c942d3e05a19243ca4c8c99d5886407b542b79ff0e2a1fbf9347bcf6b8a6b8129f0eda8be41babbfde514d65e7e3952ffc2368524e8808cc058a7a1b68c7
SSDEEP: 12288:OMrry90UyInNymGEu3GyxAzkEW/frebIs4InAqRydsGCCKl0Ljpu/xN8k/do:VyKSsmw3nxAy6DwdsGCwpmNn/i
Static task: static1
Behavioral task: behavioral1
Sample: 2be8fa7c6d84f8c4efdf5682c33c3d71b503ec6b7367c135e1a75495402ab070.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
Target: 2be8fa7c6d84f8c4efdf5682c33c3d71b503ec6b7367c135e1a75495402ab070
Size: 908KB
MD5: d8849d08279effb603fdf0236655bb8e
SHA1: 8525858fe42b0166819dd23e35e663164bb0f664
SHA256: 2be8fa7c6d84f8c4efdf5682c33c3d71b503ec6b7367c135e1a75495402ab070
SHA512: 03b2c942d3e05a19243ca4c8c99d5886407b542b79ff0e2a1fbf9347bcf6b8a6b8129f0eda8be41babbfde514d65e7e3952ffc2368524e8808cc058a7a1b68c7
SSDEEP: 12288:OMrry90UyInNymGEu3GyxAzkEW/frebIs4InAqRydsGCCKl0Ljpu/xN8k/do:VyKSsmw3nxAy6DwdsGCwpmNn/i
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)