General
-
Target
3f9b4d06877f2941944fb478833a195a4728b6cdda016dbc899757acdccbf060
-
Size
1.0MB
-
Sample
241109-g5hcpszbmj
-
MD5
c3ac4703e04c97a4573e1758a0694a92
-
SHA1
7ef52bc69632d22c7cb3850fdad5873ac42ea8d6
-
SHA256
3f9b4d06877f2941944fb478833a195a4728b6cdda016dbc899757acdccbf060
-
SHA512
3b14b95ad861d9800ad4306dde09fff4fab488b9bb1dede718c69c72434a9def5e1f8b50a17097d83b550b6e5c4a792d07d170277758f054ca2b5f7f513733f3
-
SSDEEP
24576:FyrJCX6A6I1W1I9jEuybh/kBxCRvfHsCkKq/dOX:grJCz6I1WM7yb9ixivfH7kKq/d
Static task
static1
Behavioral task
behavioral1
Sample
3f9b4d06877f2941944fb478833a195a4728b6cdda016dbc899757acdccbf060.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
ramon
193.233.20.23:4123
-
auth_value
3197576965d9513f115338c233015b40
Targets
-
-
Target
3f9b4d06877f2941944fb478833a195a4728b6cdda016dbc899757acdccbf060
-
Size
1.0MB
-
MD5
c3ac4703e04c97a4573e1758a0694a92
-
SHA1
7ef52bc69632d22c7cb3850fdad5873ac42ea8d6
-
SHA256
3f9b4d06877f2941944fb478833a195a4728b6cdda016dbc899757acdccbf060
-
SHA512
3b14b95ad861d9800ad4306dde09fff4fab488b9bb1dede718c69c72434a9def5e1f8b50a17097d83b550b6e5c4a792d07d170277758f054ca2b5f7f513733f3
-
SSDEEP
24576:FyrJCX6A6I1W1I9jEuybh/kBxCRvfHsCkKq/dOX:grJCz6I1WM7yb9ixivfH7kKq/d
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1