General
- Target: efadfecc609247dc365b006d0d00f01852aec06a25d775936fcd36f51542e90b
- Size: 706KB
- Sample: 241109-fyw2va1naj
- MD5: 842ff338f9e1dc398ab2e02f7bb41d58
- SHA1: abdf1651dd1e29f34b059f2ecfcd6866eb8aadb6
- SHA256: efadfecc609247dc365b006d0d00f01852aec06a25d775936fcd36f51542e90b
- SHA512: b4b4b1f4ef59cad8eb3132529d2965f50901e1a112d9e4ee53346a4232e156affc77975508421702350a479d327bec14683d9e27c70fd85018979ec9ba3348af
- SSDEEP: 12288:sMrSy90rS+AsSZ+EjYQobeeMQoQjJvjaMH/oBUgfhMC7j9m51FvoX1eb:2yJ+L6bYjMQnjBjT/oagWCE5vvoX1C
Static task: static1

Behavioral task: behavioral1
- Sample: efadfecc609247dc365b006d0d00f01852aec06a25d775936fcd36f51542e90b.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- ronam
- 193.233.20.17:4139
- auth_value: 125421d19d14dd7fd211bc7f6d4aea6c
Targets
- Target: efadfecc609247dc365b006d0d00f01852aec06a25d775936fcd36f51542e90b
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)