General
Target: 0cf69d5276784da26bd0da271df5ba1291f2466c636de3f9047febea8b2016c8
Size: 836KB
Sample: 241109-x5376szlcy
MD5: ce8ef1c02582937e159390d6a71f0a7e
SHA1: 0004c774a6d22f7b976eab2bf6c7237c3c5e3c18
SHA256: 0cf69d5276784da26bd0da271df5ba1291f2466c636de3f9047febea8b2016c8
SHA512: ccba6403d8d855e21a4ee6fc3a1246a44dfc5278c8f10b2f07cbc9cbb33684fb3173117ab07344452138382601d99a201d16f5ac88af723f5e43fdd5a14547d8
SSDEEP: 24576:oyjHkY9zEC4Koi7Rk24eYWsDJ31ix/FYT:vdRgq77st3E/F
Static task: static1
Behavioral task: behavioral1
Sample: 0cf69d5276784da26bd0da271df5ba1291f2466c636de3f9047febea8b2016c8.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
Target: 0cf69d5276784da26bd0da271df5ba1291f2466c636de3f9047febea8b2016c8 (the 836KB sample whose hashes are listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
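The indicators above (the sample hashes, the RedLine C2 at 193.233.20.30:4125 from the extracted config, and the Run-key persistence mapped to T1547.001) are what a responder would sweep endpoint telemetry for. The script below is an added example, not part of the sandbox report: it runs those checks over Sysmon-style events shipped as JSON (Event ID 1 process create, 3 network connect, 13 registry value set). The log lines, file paths and process names in it are constructed; only the hashes, C2 address, botnet name and technique ID come from the report.

```python
"""Sweep Sysmon-style JSON log lines for the indicators in this RedLine report.

Added example, not part of the sandbox report. Log lines below are constructed.
"""
import json
from dataclasses import dataclass

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "MD5": "ce8ef1c02582937e159390d6a71f0a7e",
    "SHA1": "0004c774a6d22f7b976eab2bf6c7237c3c5e3c18",
    "SHA256": "0cf69d5276784da26bd0da271df5ba1291f2466c636de3f9047febea8b2016c8",
}
C2_IP = "193.233.20.30"
C2_PORT = 4125
# Matches both HKLM and HKU Run keys regardless of hive prefix or case.
RUN_KEY_MARKER = "\\microsoft\\windows\\currentversion\\run\\"


@dataclass(frozen=True)
class Alert:
    line_no: int
    label: str
    detail: str


def parse_sysmon_hashes(field: str) -> dict:
    """Sysmon writes the Hashes field as 'MD5=...,SHA256=...,IMPHASH=...'."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def check_event(line_no: int, event: dict) -> list:
    """Return alerts for one parsed event; empty list if nothing matches."""
    alerts = []
    eid = str(event.get("EventID", ""))
    if eid == "1":  # process create: compare the image's hashes with the sample
        hashes = parse_sysmon_hashes(event.get("Hashes", ""))
        for algo, known in SAMPLE_HASHES.items():
            if hashes.get(algo) == known:
                alerts.append(Alert(line_no, "known RedLine sample",
                                    f"{algo} match on {event.get('Image')}"))
                break
    elif eid == "3":  # network connect: compare with the extracted C2
        if (event.get("DestinationIp") == C2_IP
                and str(event.get("DestinationPort")) == str(C2_PORT)):
            alerts.append(Alert(line_no, "RedLine C2 (botnet gena)",
                                f"{event.get('Image')} -> {C2_IP}:{C2_PORT}"))
    elif eid == "13":  # registry value set: Run key persistence (T1547.001)
        target = event.get("TargetObject", "")
        if RUN_KEY_MARKER in target.lower():
            alerts.append(Alert(line_no, "T1547.001 Run key persistence",
                                f"{event.get('Image')} set {target}"))
    return alerts


def sweep(lines) -> list:
    """Parse each line as JSON and collect alerts; non-JSON lines are skipped."""
    alerts = []
    for n, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the sweep
        alerts.extend(check_event(n, event))
    return alerts


# Constructed sample telemetry (not real logs). invoice.exe / upd.exe are assumed names.
SAMPLE_LOG = [
    json.dumps({"EventID": 1, "Image": "C:\\Users\\user\\Downloads\\invoice.exe",
                "Hashes": "MD5=CE8EF1C02582937E159390D6A71F0A7E,"
                          "SHA256=0CF69D5276784DA26BD0DA271DF5BA1291F2466C636DE3F9047FEBEA8B2016C8"}),
    json.dumps({"EventID": 3, "Image": "C:\\Users\\user\\Downloads\\invoice.exe",
                "DestinationIp": "193.233.20.30", "DestinationPort": 4125}),
    json.dumps({"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
                "DestinationIp": "13.107.4.50", "DestinationPort": 443}),
    json.dumps({"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe",
                "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"}),
    json.dumps({"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
                "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"}),
]

if __name__ == "__main__":
    for a in sweep(SAMPLE_LOG):
        print(f"line {a.line_no}: {a.label}: {a.detail}")
```

The Run-key check is deliberately broad (any value written under a CurrentVersion\Run key) because the report only says a Run key was added, not its name; in production you would baseline known-good Run entries and alert on the rest. The hash check lowercases both sides since Sysmon emits uppercase hex while the report lists lowercase.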