General
Target: 66a18c8185e38f9a765ca44d43319be3296dd0d44a3b4f3d306be6e50bcbf03c
Size: 537KB
Sample: 241109-fxz24sycnk
MD5: 4c1e8bfaa8e9843b599573399b653867
SHA1: 942abe1147ecd09ff4ad87160e910ab87993ff88
SHA256: 66a18c8185e38f9a765ca44d43319be3296dd0d44a3b4f3d306be6e50bcbf03c
SHA512: 8eaef6b9c5c1f1671c2fe3f5f204ad0d1494282dbe0b52c2a6d4d840eae36a84edea0b7c319b5cc848be02bcafe789ad92a13f27b23460c331d4919210b4fd91
SSDEEP: 12288:EMrJy90qb04wcvEaWPKVplhEDxhU5xYVGmNIEQqPrbAp0:VyfbpFBCKVplekxY9bnPr7
Static task: static1
Behavioral task: behavioral1
Sample: 66a18c8185e38f9a765ca44d43319be3296dd0d44a3b4f3d306be6e50bcbf03c.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
Target: 66a18c8185e38f9a765ca44d43319be3296dd0d44a3b4f3d306be6e50bcbf03c
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1