General
Target: 12002c65c826db15042756419695a5072b58ce881275098052b292f9cc2e934d
Size: 836KB
Sample: 241109-fzcdtsycqn
MD5: 7c201f635dae71300649ff8d055afe9e
SHA1: 0fe6d369b41e85ba878a50a9d6d94a3cbed2ae0b
SHA256: 12002c65c826db15042756419695a5072b58ce881275098052b292f9cc2e934d
SHA512: cc6e0cba21f18aee4f4d1bdde38b9cafaa8df2e80e76c8b6b5d5105721b64f83768c956449629b2e68f783b82052377dbb263c6627132b23964731ae3bae8ad8
SSDEEP: 24576:Mybf5o/8qc8eZuLX0XAFraioJaFT+eU/K:7j504jMLXl7xweU
Static task: static1
Behavioral task: behavioral1
Sample: 12002c65c826db15042756419695a5072b58ce881275098052b292f9cc2e934d.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
gena
193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)