General
- Target: cf4074e17cb43ee300e8dfb555986a2b73c24db9d3e5c74e17448522ab47cd70
- Size: 560KB
- Sample: 241109-xpxqfszfnp
- MD5: ef1ee8f5b455b2e5d7848c05bcb87696
- SHA1: 727434c56d3d4f0b64531abb26e0bf1b4c4bd6b7
- SHA256: cf4074e17cb43ee300e8dfb555986a2b73c24db9d3e5c74e17448522ab47cd70
- SHA512: b888500de3a1ba81abaf4c80486165440b3c0656aec7c43675bd4f6e84967a621365e4d56a827ffe73092cb1361eab001e9f7bb127576c19e0537fa60d11c0e2
- SSDEEP: 12288:qMrCy90ePZK0Rmr5fxUnPjGa7PLD4y9bnmGhR8Fc:Ey/FRA79a7PLDL9bmi2Fc
Static task: static1
Behavioral task: behavioral1
- Sample: cf4074e17cb43ee300e8dfb555986a2b73c24db9d3e5c74e17448522ab47cd70.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: fud
- C2: 193.233.20.27:4123
- auth_value: cddc991efd6918ad5321d80dac884b40
Targets
- Target: cf4074e17cb43ee300e8dfb555986a2b73c24db9d3e5c74e17448522ab47cd70
- Size: 560KB
- MD5: ef1ee8f5b455b2e5d7848c05bcb87696
- SHA1: 727434c56d3d4f0b64531abb26e0bf1b4c4bd6b7
- SHA256: cf4074e17cb43ee300e8dfb555986a2b73c24db9d3e5c74e17448522ab47cd70
- SHA512: b888500de3a1ba81abaf4c80486165440b3c0656aec7c43675bd4f6e84967a621365e4d56a827ffe73092cb1361eab001e9f7bb127576c19e0537fa60d11c0e2
- SSDEEP: 12288:qMrCy90ePZK0Rmr5fxUnPjGa7PLD4y9bnmGhR8Fc:Ey/FRA79a7PLDL9bmi2Fc
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)