General
- Target: fa195c83a54502550f8d47dc563e0c97cb328c86d4270e601a0c6304386b3261
- Size: 477KB
- Sample: 241109-v1vn5ayfqj
- MD5: 9ca464b7586f1566d4b46cf4b6be03ed
- SHA1: 8b26d171bba661edbc96afb20de6dc8c113d705e
- SHA256: fa195c83a54502550f8d47dc563e0c97cb328c86d4270e601a0c6304386b3261
- SHA512: 57cf1974c8198987320e626be179c7e2f7e72bf909883cfaad20493255d9f410291dc4d7ea328a72bfb5794c3a604dea3238f0e1ca7c2d31f0281f757e25da76
- SSDEEP: 12288:pMrSy90YC08RUoUxyJiCyM1QrBypPd7EcNJExGd9Ldn6XmRnrWZ:jyzBxy4kDn7EcH4Y9HnrI
Static task: static1
Behavioral task: behavioral1
- Sample: fa195c83a54502550f8d47dc563e0c97cb328c86d4270e601a0c6304386b3261.exe
- Resource: win10v2004-20241007-en

Malware Config
Extracted
- Family: redline
- Botnet: fusa
- C2: 193.233.20.12:4132
- auth_value: a08b2f01bd2af756e38c5dd60e87e697
Targets
- Target: fa195c83a54502550f8d47dc563e0c97cb328c86d4270e601a0c6304386b3261
- Size: 477KB
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)