General
Target: e8b926f9f25aa05c50907d0b8f5bc6248aa607360e9fc11f082fe50054103765
Size: 476KB
Sample: 241109-tx3pwsxgpg
MD5: af95cc724192774c2d2adf95edc3e8b0
SHA1: 448cc9496cb6da63a5462c72c9f575ba2786acc9
SHA256: e8b926f9f25aa05c50907d0b8f5bc6248aa607360e9fc11f082fe50054103765
SHA512: 84cb0c8b7d06a8f5cd5de9ac50e8343df92d5d4c6bd6dd562271ef82e63e601c0225b8fad3b41fab37f91b22e14804d651a251529ae35ffc875054ea64ea9136
SSDEEP: 12288:9Mr4y90JEtLP4BVJVcZUJ3NGwqP+ZuGuDnFu+Q:NyOSLg3BGGupQ
Static task: static1
Behavioral task: behavioral1
Sample: e8b926f9f25aa05c50907d0b8f5bc6248aa607360e9fc11f082fe50054103765.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: fusa
C2: 193.233.20.12:4132
auth_value: a08b2f01bd2af756e38c5dd60e87e697
Targets
Target: e8b926f9f25aa05c50907d0b8f5bc6248aa607360e9fc11f082fe50054103765
Size: 476KB
MD5: af95cc724192774c2d2adf95edc3e8b0
SHA1: 448cc9496cb6da63a5462c72c9f575ba2786acc9
SHA256: e8b926f9f25aa05c50907d0b8f5bc6248aa607360e9fc11f082fe50054103765
SHA512: 84cb0c8b7d06a8f5cd5de9ac50e8343df92d5d4c6bd6dd562271ef82e63e601c0225b8fad3b41fab37f91b22e14804d651a251529ae35ffc875054ea64ea9136
SSDEEP: 12288:9Mr4y90JEtLP4BVJVcZUJ3NGwqP+ZuGuDnFu+Q:NyOSLg3BGGupQ
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547) - 1
    Registry Run Keys / Startup Folder (T1547.001) - 1
  Create or Modify System Process (T1543) - 1
    Windows Service (T1543.003) - 1
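One way to turn this report into a hunt, covering both the extracted RedLine config (C2 socket, hashes) and the "Adds Run key to start application" / T1547.001 behaviour above. This is an added example, not code from the sandbox or from the malware, and it is not the report's own tooling. The hashes and the C2 IP:port are the values listed in the report; the flow records (Zeek conn-style fields), the Sysmon Event ID 13-style registry lines, the `Hit` type and the helper names are constructed assumptions for illustration only.

```python
"""IOC hunt for the indicators extracted above (added example, not part of the report).

Hashes and the C2 socket come from the report; every log line below is a constructed
sample (Zeek conn-style flows, Sysmon Event ID 13-style registry writes) and did not
come from the sandbox run.
"""
import re
from dataclasses import dataclass

# Indicators taken from the report.
IOC_MD5 = "af95cc724192774c2d2adf95edc3e8b0"
IOC_SHA1 = "448cc9496cb6da63a5462c72c9f575ba2786acc9"
IOC_SHA256 = "e8b926f9f25aa05c50907d0b8f5bc6248aa607360e9fc11f082fe50054103765"
C2_HOST, C2_PORT = "193.233.20.12", 4132
KNOWN_HASHES = {IOC_MD5, IOC_SHA1, IOC_SHA256}

# Autostart locations behind "Adds Run key to start application" (T1547.001):
# ...\CurrentVersion\Run and RunOnce under any hive, matched case-insensitively.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    source: str      # "hash", "network" or "registry"
    indicator: str   # the matched value
    confidence: str  # "high" or "medium"


# Constructed sample telemetry (assumed format, not from the report).
SAMPLE_HASHES = [
    "  E8B926F9F25AA05C50907D0B8F5BC6248AA607360E9FC11F082FE50054103765  ",  # report SHA256, uppercased
    "d41d8cd98f00b204e9800998ecf8427e",  # MD5 of the empty file, unrelated
]
# Fields: ts orig_h orig_p resp_h resp_p proto
SAMPLE_CONN = [
    "1731110400.1 10.0.0.5 49812 193.233.20.12 4132 tcp",  # configured C2 socket
    "1731110401.2 10.0.0.5 49813 193.233.20.12 443 tcp",   # same host, other port
    "1731110402.3 10.0.0.7 50012 8.8.8.8 53 udp",          # benign DNS
]
SAMPLE_REG = [
    r"EventID=13 TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater Details=C:\Users\victim\AppData\Roaming\updater.exe",
    r"EventID=13 TargetObject=HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden Details=DWORD (0x00000001)",
]


def match_hashes(hashes):
    """Hash matches are exact; normalise case and whitespace before comparing."""
    return [Hit("hash", h.strip().lower(), "high")
            for h in hashes if h.strip().lower() in KNOWN_HASHES]


def match_connections(lines):
    """Flag flows to the C2 host. The exact IP:port from the extracted config is a
    high-confidence hit; the same IP on another port is weaker, because the address
    may host unrelated services, so it is reported at medium confidence for review."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed record: skip it rather than abort the hunt
        resp_h, resp_p = fields[3], int(fields[4])
        if resp_h == C2_HOST:
            confidence = "high" if resp_p == C2_PORT else "medium"
            hits.append(Hit("network", f"{resp_h}:{resp_p}", confidence))
    return hits


def match_run_keys(lines):
    """Flag registry writes under Run/RunOnce. Legitimate installers write here too,
    so this is medium confidence and the launched path in Details needs review."""
    hits = []
    for line in lines:
        m = re.search(r"TargetObject=(\S+)", line)
        if m and RUN_KEY_RE.search(m.group(1)):
            hits.append(Hit("registry", m.group(1), "medium"))
    return hits


def hunt():
    """Run all three matchers over the constructed telemetry and return the hits."""
    return match_hashes(SAMPLE_HASHES) + match_connections(SAMPLE_CONN) + match_run_keys(SAMPLE_REG)


if __name__ == "__main__":
    for hit in hunt():
        print(f"[{hit.confidence:6}] {hit.source:8} {hit.indicator}")
```

The confidence split is the point worth keeping when adapting this to real telemetry: a hash match or the exact configured C2 socket stands on its own, while an IP-only match or a Run key write is a lead that needs the destination port or the launched binary checked before it becomes an alert.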