General
-
Target
6d91ba5a63be719bd0eabf37076a443173bf171084d4bde0881ec94be5e7cae7
-
Size
764KB
-
Sample
241109-fre5ra1lek
-
MD5
1152a8c0c424e3dec6af59369d9ea2fd
-
SHA1
aab0bcae1bcdf43c886692eb6dcd85ca5f98f189
-
SHA256
6d91ba5a63be719bd0eabf37076a443173bf171084d4bde0881ec94be5e7cae7
-
SHA512
ea074eeca8fce56c427e78fdefea6a2342409cd491262c00ab9aef325de5b1c9d8b34c0fe98b190d6830ba53f88dc306a121ae0b580b49df5e8a05f01ed46221
-
SSDEEP
12288:pMrOy901Mz8TWO2mof6gig+h4Ti0JAXGaKWMWPHddbYWxLOrepY3JgZ0jLJ:Dy1z8TB2Pv+hqi0u2bTWPHdSWxqrjJFV
Static task
static1
Behavioral task
behavioral1
Sample
6d91ba5a63be719bd0eabf37076a443173bf171084d4bde0881ec94be5e7cae7.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
dubna
193.233.20.11:4131
-
auth_value
f324b1269094b7462e56bab025f032f4
Targets
-
-
Target
6d91ba5a63be719bd0eabf37076a443173bf171084d4bde0881ec94be5e7cae7
-
Size
764KB
-
MD5
1152a8c0c424e3dec6af59369d9ea2fd
-
SHA1
aab0bcae1bcdf43c886692eb6dcd85ca5f98f189
-
SHA256
6d91ba5a63be719bd0eabf37076a443173bf171084d4bde0881ec94be5e7cae7
-
SHA512
ea074eeca8fce56c427e78fdefea6a2342409cd491262c00ab9aef325de5b1c9d8b34c0fe98b190d6830ba53f88dc306a121ae0b580b49df5e8a05f01ed46221
-
SSDEEP
12288:pMrOy901Mz8TWO2mof6gig+h4Ti0JAXGaKWMWPHddbYWxLOrepY3JgZ0jLJ:Dy1z8TB2Pv+hqi0u2bTWPHdSWxqrjJFV
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1