General
Target: adb6e933fdf8fa3748b48f3e79915f18a39c67592b68b44d18138f1ca7831de6
Size: 546KB
Sample: 241109-fsvltsxnbx
MD5: 247c9249a9c171a46cd2d2912b7cc0fe
SHA1: 2f85c61f45086be9a1635a6dbe6d2c7345ba8d35
SHA256: adb6e933fdf8fa3748b48f3e79915f18a39c67592b68b44d18138f1ca7831de6
SHA512: 74db9d2804cc334955dc55100532487a087b41c558051e70a8635da32593e3ab309b6ed36dddf3027cd52e89967f8a7b956e293900ec16c5cbb1b1f84f288f12
SSDEEP: 12288:GMrXy90M3fEob6FFI1NiJDWn5stqwLtohshATbgK:tyLff6FFWNu9ZAgK
Static task: static1
Behavioral task: behavioral1
Sample: adb6e933fdf8fa3748b48f3e79915f18a39c67592b68b44d18138f1ca7831de6.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)