General
-
Target
1fda1039c8060a1e5ca2442b4e239f1192e3ce4ba18bce6044c25f6c68c1fc68
-
Size
815KB
-
Sample
241109-xs2tkssrbr
-
MD5
f5a9b33a0259ab94515456f9cc5de5c5
-
SHA1
89272fbd0c5b9c386ec4c7d748a22b330665b5b8
-
SHA256
1fda1039c8060a1e5ca2442b4e239f1192e3ce4ba18bce6044c25f6c68c1fc68
-
SHA512
0e4bbb25a0e162752e4894e9f20e367b6e59f7f7caf18f4d4b0f00a4cd28dc6a7b3b34e548cbf25f3d56ff734687c97eb29a14f275059332d9f64977e4b867f3
-
SSDEEP
12288:by903FAixx219QRWPAfxR4x2mkZKtPk8P83aDWLRhlQzy5IM0eldonN:byUCxglp2Qb0tPT8mWLZygZ0dN
Static task
static1
Behavioral task
behavioral1
Sample
1fda1039c8060a1e5ca2442b4e239f1192e3ce4ba18bce6044c25f6c68c1fc68.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dark
185.161.248.73:4164
-
auth_value
ae85b01f66afe8770afeed560513fc2d
Targets
-
-
Target
1fda1039c8060a1e5ca2442b4e239f1192e3ce4ba18bce6044c25f6c68c1fc68
-
Size
815KB
-
MD5
f5a9b33a0259ab94515456f9cc5de5c5
-
SHA1
89272fbd0c5b9c386ec4c7d748a22b330665b5b8
-
SHA256
1fda1039c8060a1e5ca2442b4e239f1192e3ce4ba18bce6044c25f6c68c1fc68
-
SHA512
0e4bbb25a0e162752e4894e9f20e367b6e59f7f7caf18f4d4b0f00a4cd28dc6a7b3b34e548cbf25f3d56ff734687c97eb29a14f275059332d9f64977e4b867f3
-
SSDEEP
12288:by903FAixx219QRWPAfxR4x2mkZKtPk8P83aDWLRhlQzy5IM0eldonN:byUCxglp2Qb0tPT8mWLZygZ0dN
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1