General
-
Target
f87af8872677c19bddc88ce0752b966ab156c47c5b4d27857cdfc04a83b5fa7f
-
Size
562KB
-
Sample
241109-gywlrazamp
-
MD5
d6f47dc7945480708da2fdf5154c1ad6
-
SHA1
68e6f8108e88dd874dc8862da1146a8ddbae2ff3
-
SHA256
f87af8872677c19bddc88ce0752b966ab156c47c5b4d27857cdfc04a83b5fa7f
-
SHA512
77cf8f611e83a07778b9a8f7354d3e4b05870cdd7a246bc7f850540cb04083263e95d29e01d7a1e96fcc942f21c1e2f2276dd5bfa6e8581624afdead7412d8fb
-
SSDEEP
12288:gMMrTy907DgHvNfWYK0xssmQH1aBVl11B:g/yODgHvNfWYK0BXs3
Static task
static1
Behavioral task
behavioral1
Sample
f87af8872677c19bddc88ce0752b966ab156c47c5b4d27857cdfc04a83b5fa7f.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
-
auth_value
cddc991efd6918ad5321d80dac884b40
Targets
-
-
Target
f87af8872677c19bddc88ce0752b966ab156c47c5b4d27857cdfc04a83b5fa7f
-
Size
562KB
-
MD5
d6f47dc7945480708da2fdf5154c1ad6
-
SHA1
68e6f8108e88dd874dc8862da1146a8ddbae2ff3
-
SHA256
f87af8872677c19bddc88ce0752b966ab156c47c5b4d27857cdfc04a83b5fa7f
-
SHA512
77cf8f611e83a07778b9a8f7354d3e4b05870cdd7a246bc7f850540cb04083263e95d29e01d7a1e96fcc942f21c1e2f2276dd5bfa6e8581624afdead7412d8fb
-
SSDEEP
12288:gMMrTy907DgHvNfWYK0xssmQH1aBVl11B:g/yODgHvNfWYK0BXs3
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1