General
Target: af41b69d3987d0e0c28d57034dbba4e9302b9d88acd4b1f9f902e3ad767919af
Size: 992KB
Sample: 241109-mj8wessglm
MD5: 2f280b4c082ba518ebd79169d6aa5f45
SHA1: ee9447815121880852ce31b06f5c45376ddf9a80
SHA256: af41b69d3987d0e0c28d57034dbba4e9302b9d88acd4b1f9f902e3ad767919af
SHA512: 04a2eb8aede4b58f425f83514c10090d595e0131079971d98b57f7abbd260ef455bfed23484e1ebd522a8da32e10248ab43870bd4afb659e24570e29ca7de1dd
SSDEEP: 24576:AylTofCapAwY04kgWJTeboTRqWeShVm4:H6OWJeboZ
Static task: static1
Behavioral task: behavioral1
Sample: af41b69d3987d0e0c28d57034dbba4e9302b9d88acd4b1f9f902e3ad767919af.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
mixer
185.161.248.75:4132
auth_value: 3668eba4f0cb1021a9e9ed55e76ed85e
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext