General
Target: f2bcfa0a8bf16a6f57a298c98a30b5f05e93a9d12f8c5f2e00283653ab438c08
Size: 500KB
Sample: 241109-qas1dsvdrq
MD5: 6dfdffd81609483c364add6c0de301d4
SHA1: 19e2a370b503c213d1d06e630d506f13581f5dda
SHA256: f2bcfa0a8bf16a6f57a298c98a30b5f05e93a9d12f8c5f2e00283653ab438c08
SHA512: 56325014063f368425b2e64f9bd42f428afd77be4e54a7dc0ef5668375a09f266f347e24e63b21435cf7280244ea46f4b90cc06c57a010d2e6fe0e1a225c2030
SSDEEP: 12288:JMrBy90TiUbBxIE9X7iazS8G/SzC6EVLEOq:EyEBxjXGYSL6EB8
Static task: static1
Behavioral task: behavioral1
Sample: f2bcfa0a8bf16a6f57a298c98a30b5f05e93a9d12f8c5f2e00283653ab438c08.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: fukia
C2: 193.233.20.13:4136
auth_value: e5783636fbd9e4f0cf9a017bce02e67e
Targets
Target: f2bcfa0a8bf16a6f57a298c98a30b5f05e93a9d12f8c5f2e00283653ab438c08
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Executes dropped EXE
Adds Run key to start application
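As an added example (not the sandbox's or the page's own code), the Python below turns the extracted RedLine config, the sample hashes and the triggered signatures above into indicators and checks telemetry against them. The config listing is copied in the page's flat layout so the parser runs on real input; the telemetry records, their field names and the Temp paths are constructed assumptions, not data from this run.

```python
"""Added example: report indicators -> telemetry triage (not the sandbox's code)."""
import hashlib
import re

# Constructed copy of the report's "Malware Config" listing, in the flat
# key/value layout the page uses; values are the ones printed above.
CONFIG_BLOCK = """\
Malware Config
Extracted
redline
fukia
193.233.20.13:4136
-
auth_value
e5783636fbd9e4f0cf9a017bce02e67e
"""

# Hashes from the report's General block.
SAMPLE_HASHES = {
    "md5": "6dfdffd81609483c364add6c0de301d4",
    "sha1": "19e2a370b503c213d1d06e630d506f13581f5dda",
    "sha256": "f2bcfa0a8bf16a6f57a298c98a30b5f05e93a9d12f8c5f2e00283653ab438c08",
}

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_redline_config(block):
    """Parse the flat listing into a dict.

    Assumed layout (an assumption about the sandbox's text export): two header
    lines, then family, botnet, host:port, then '-'-separated key/value pairs.
    """
    lines = [l.strip() for l in block.splitlines()]
    lines = [l for l in lines if l and l != "-"]
    if lines[:2] != ["Malware Config", "Extracted"] or len(lines) < 5:
        raise ValueError("not a Malware Config listing")
    family, botnet, c2 = lines[2], lines[3], lines[4]
    m = C2_RE.match(c2)
    if m is None:
        raise ValueError("unexpected C2 format: %r" % c2)
    cfg = {"family": family, "botnet": botnet,
           "c2_host": m.group(1), "c2_port": int(m.group(2))}
    rest = lines[5:]
    if len(rest) % 2:
        raise ValueError("dangling key without value")
    cfg.update(zip(rest[0::2], rest[1::2]))
    return cfg


def is_known_sample(data):
    """True if a file's bytes hash to the sample described in the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_HASHES["sha256"]


def match_event(event, cfg):
    """Reasons one telemetry record matches the report's indicators."""
    reasons = []
    kind = event.get("type")
    if kind == "network" and event.get("dst_ip") == cfg["c2_host"]:
        if event.get("dst_port") == cfg["c2_port"]:
            reasons.append("connection to extracted C2 %s:%d"
                           % (cfg["c2_host"], cfg["c2_port"]))
        else:  # same host, other port: could be shared hosting, so weaker
            reasons.append("traffic to C2 host on another port (lower confidence)")
    if kind == "registry" and RUN_KEY_RE.search(event.get("key", "")):
        reasons.append("Run key persistence: " + event["key"])  # T1547.001
    if kind == "process":
        if event.get("sha256", "").lower() == SAMPLE_HASHES["sha256"]:
            reasons.append("known sample executed")
        if event.get("parent_sha256", "").lower() == SAMPLE_HASHES["sha256"]:
            reasons.append("child of known sample (dropped EXE executed)")
    return reasons


def triage(events, cfg):
    """Return (index, reasons) for every record that matched at least once."""
    hits = []
    for i, ev in enumerate(events):
        reasons = match_event(ev, cfg)
        if reasons:
            hits.append((i, reasons))
    return hits


# Constructed telemetry, roughly Sysmon-shaped; not from the sandbox run.
TELEMETRY = [
    {"type": "process", "image": r"C:\Users\u\Downloads\invoice.exe",
     "sha256": SAMPLE_HASHES["sha256"]},
    {"type": "process", "image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "parent_sha256": SAMPLE_HASHES["sha256"]},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "value": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "network", "dst_ip": "193.233.20.13", "dst_port": 4136},
    {"type": "network", "dst_ip": "193.233.20.13", "dst_port": 443},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"},
]

if __name__ == "__main__":
    config = parse_redline_config(CONFIG_BLOCK)
    print(config)
    for idx, why in triage(TELEMETRY, config):
        print(idx, "; ".join(why))
```

The first five constructed records match (known hash, child of the sample, Run key, exact C2, and the host-only match at lower confidence); the unrelated Explorer key does not. The auth_value is carried in the parsed config but not matched here, since it only appears inside the C2 traffic itself.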
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1