General
-
Target
6cb15dc1c6f00c26c2279a30051ee9ade1c4c2aa2ab6075db5808a5d5604ede2
-
Size
386KB
-
Sample
241109-fwnyfsycka
-
MD5
60839aa0c298a290a2255e27f745b63a
-
SHA1
aacfb0f3ee4132fa961af872a01f2cc0fbd7086b
-
SHA256
6cb15dc1c6f00c26c2279a30051ee9ade1c4c2aa2ab6075db5808a5d5604ede2
-
SHA512
8f9f59f203b6a0420c06a80953c3e2b31292e95ceee55467bdd81c7cb8cb6cd18ee40c579baa80c415ed7e0e01fdbaf7b2bb05f0269f2e8ab33cb04e4d843a8b
-
SSDEEP
6144:K/y+bnr+Np0yN90QElYJF0rvl+rDXKFVB2b1I5lWf8b27LKm19NV3dO/ko9U3dC:JMrBy90UE+HKpC1KWkb2/D3dO8o9U3I
Static task
static1
Behavioral task
behavioral1
Sample
6cb15dc1c6f00c26c2279a30051ee9ade1c4c2aa2ab6075db5808a5d5604ede2.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
-
auth_value
cddc991efd6918ad5321d80dac884b40
Targets
-
-
Target
6cb15dc1c6f00c26c2279a30051ee9ade1c4c2aa2ab6075db5808a5d5604ede2
-
Size
386KB
-
MD5
60839aa0c298a290a2255e27f745b63a
-
SHA1
aacfb0f3ee4132fa961af872a01f2cc0fbd7086b
-
SHA256
6cb15dc1c6f00c26c2279a30051ee9ade1c4c2aa2ab6075db5808a5d5604ede2
-
SHA512
8f9f59f203b6a0420c06a80953c3e2b31292e95ceee55467bdd81c7cb8cb6cd18ee40c579baa80c415ed7e0e01fdbaf7b2bb05f0269f2e8ab33cb04e4d843a8b
-
SSDEEP
6144:K/y+bnr+Np0yN90QElYJF0rvl+rDXKFVB2b1I5lWf8b27LKm19NV3dO/ko9U3dC:JMrBy90UE+HKpC1KWkb2/D3dO8o9U3I
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1