General
Target: 84a593f8aac2b27931c785d712a7daa78e837f6efd5a5c6f5ca6bcb86bcdac3a
Size: 479KB
Sample: 241109-x29wjs1ajj
MD5: 27f883b44e9b074d18c0992bdedcbb5b
SHA1: 882c19e7086c59665477a13ba778af01c68132c0
SHA256: 84a593f8aac2b27931c785d712a7daa78e837f6efd5a5c6f5ca6bcb86bcdac3a
SHA512: dd3092b66717cc5ba5988b99f725c08bcc4c95852dee0823ea198b70faa78143f5ee727086cc77b783a378c1434b26c7cb961347e0d26b82fd29a2d1e24c0547
SSDEEP: 12288:LMrmy90Cm/6GQkOYBc/9a3WcbeVAq1GwqB99Zqu9GmHdaXrbZoy:NyfwQJic/03dbeN1Gtb97kl
Static task: static1
Behavioral task: behavioral1
Sample: 84a593f8aac2b27931c785d712a7daa78e837f6efd5a5c6f5ca6bcb86bcdac3a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
dippo
217.196.96.102:4132
auth_value: 79490ff628fd6af3b29170c3c163874b
Targets
Target: 84a593f8aac2b27931c785d712a7daa78e837f6efd5a5c6f5ca6bcb86bcdac3a
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)