General
Target: 00924b43e5abbd9ed3f95fc3fcbc83925117bad52fa5c839589291210ae03acd
Size: 1.2MB
Sample: 241109-fs77xsybrp
MD5: c4ea0d712091337f8c2dd6407e25eb7b
SHA1: 23f2d0ea1429f2a111e76996a52384989f28d521
SHA256: 00924b43e5abbd9ed3f95fc3fcbc83925117bad52fa5c839589291210ae03acd
SHA512: d605ffa54303cf71c0e91fad1e229d03a5a05cc05aedc0412b6b5af18d405003a59fb94e8d9c08272ae8af0c4a16c9d1a60b03237af2f4cb17883db61a049b7a
SSDEEP: 24576:gj3K/AAOwOCmhhGrQdhrZuk/BJdQtcaDRC24Hqhb:gjOQ5FfdQtcIN
Static task: static1
Behavioral task: behavioral1
Sample: 00924b43e5abbd9ed3f95fc3fcbc83925117bad52fa5c839589291210ae03acd.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 00924b43e5abbd9ed3f95fc3fcbc83925117bad52fa5c839589291210ae03acd.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
gena
193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
Target: 00924b43e5abbd9ed3f95fc3fcbc83925117bad52fa5c839589291210ae03acd
Size: 1.2MB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)