General
-
Target
94928eadfcbfda621f8fb2d4c6d904459dd678ebaf1424fdccc0fe6656b0c61c
-
Size
526KB
-
Sample
241109-xqr7csyrgt
-
MD5
24a88c3e32d395f96d82d95c38a765d2
-
SHA1
9e893432528e16ae168ea2713f338e26dfcd64e5
-
SHA256
94928eadfcbfda621f8fb2d4c6d904459dd678ebaf1424fdccc0fe6656b0c61c
-
SHA512
b1409b905395f2601904bd182e56611c27d19240b6b38da90bfb5fd62dd84013bba5e0e6ec458a77183961f6651740f4a8980dcd55ded7a1fbc8a86c6bb9fbaf
-
SSDEEP
12288:PMrvy90ZRmLfRREkTu+vCPuD7NhH1+6q1Sd7x3YB:Yy3/EkT7aPuDjc6muSB
Static task
static1
Behavioral task
behavioral1
Sample
94928eadfcbfda621f8fb2d4c6d904459dd678ebaf1424fdccc0fe6656b0c61c.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
-
auth_value
cddc991efd6918ad5321d80dac884b40
Targets
-
-
Target
94928eadfcbfda621f8fb2d4c6d904459dd678ebaf1424fdccc0fe6656b0c61c
-
Size
526KB
-
MD5
24a88c3e32d395f96d82d95c38a765d2
-
SHA1
9e893432528e16ae168ea2713f338e26dfcd64e5
-
SHA256
94928eadfcbfda621f8fb2d4c6d904459dd678ebaf1424fdccc0fe6656b0c61c
-
SHA512
b1409b905395f2601904bd182e56611c27d19240b6b38da90bfb5fd62dd84013bba5e0e6ec458a77183961f6651740f4a8980dcd55ded7a1fbc8a86c6bb9fbaf
-
SSDEEP
12288:PMrvy90ZRmLfRREkTu+vCPuD7NhH1+6q1Sd7x3YB:Yy3/EkT7aPuDjc6muSB
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1