General
Target: f30d5d1575073941a796c5f6c5f7edbcd1ff83940da47fc66755531595162a9e
Size: 731KB
Sample: 241109-psh3gavbjk
MD5: a65ce569102273b446f305dd485535da
SHA1: c4bc30982dd1782aa1419ec94c1926da452f6908
SHA256: f30d5d1575073941a796c5f6c5f7edbcd1ff83940da47fc66755531595162a9e
SHA512: be4f4f6c63d958cb6f97eb4b2a399a7da5ad64bd19b33c3b8368eda2842caa3d6c419b2d5018477618bfcb85f1d0310c67db5e47b3accc155677d0e516ff85e8
SSDEEP: 12288:nMrHy90tQqYg7izU+W6kXv/p2DDQt18rSYts/wnC8gdmX8PRrr66+2gp:Aye/uz3W6kXv/uDQtsqwnBkf6xR
Static task: static1
Behavioral task: behavioral1
Sample: f30d5d1575073941a796c5f6c5f7edbcd1ff83940da47fc66755531595162a9e.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- dars
- 83.97.73.127:19045
- auth_value: 7cd208e6b6c927262304d5d4d88647fd
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)