General
-
Target
bd88228d6d3b628f0af40cea11a31f87c87751a37745d0e04eb688ee9a4dca2b
-
Size
1.5MB
-
Sample
241109-x63yss1ame
-
MD5
05674de10c9fa37dcb7a356647269426
-
SHA1
7774bd25546a27492227e94c8433a0998348eac3
-
SHA256
bd88228d6d3b628f0af40cea11a31f87c87751a37745d0e04eb688ee9a4dca2b
-
SHA512
a6b585912c244745f5ee6e940a19748c7137a2026827bda928bc04f57a9906c3dd31469069f793b5957860cb216ee3666f5032308888c521aecf98241e74e73f
-
SSDEEP
24576:OyMb9vGRkOv0G68fwKgiqoOP/i+TmGO7WgtaD7lA99hojPRjnz4ev1U1cIfc14Ay:d8UGGTltqN3bTMjwDpA94Px5tU104A
Static task
static1
Behavioral task
behavioral1
Sample
bd88228d6d3b628f0af40cea11a31f87c87751a37745d0e04eb688ee9a4dca2b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
max
185.161.248.73:4164
-
auth_value
efb1499709a5d08ed1ddf71cff71211f
Targets
-
-
Target
bd88228d6d3b628f0af40cea11a31f87c87751a37745d0e04eb688ee9a4dca2b
-
Size
1.5MB
-
MD5
05674de10c9fa37dcb7a356647269426
-
SHA1
7774bd25546a27492227e94c8433a0998348eac3
-
SHA256
bd88228d6d3b628f0af40cea11a31f87c87751a37745d0e04eb688ee9a4dca2b
-
SHA512
a6b585912c244745f5ee6e940a19748c7137a2026827bda928bc04f57a9906c3dd31469069f793b5957860cb216ee3666f5032308888c521aecf98241e74e73f
-
SSDEEP
24576:OyMb9vGRkOv0G68fwKgiqoOP/i+TmGO7WgtaD7lA99hojPRjnz4ev1U1cIfc14Ay:d8UGGTltqN3bTMjwDpA94Px5tU104A
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1