General
Target: e6a175592e81f75e6de2226109be10ee604209a5d0b1077e166f5fa9ec825b1a
Size: 530KB
Sample: 241109-xscvfszfqa
MD5: fb4fb39d84538bb1ebc4842e1f3a05d5
SHA1: 95518b4916fd47c4d1c2cd71c100479efd66c719
SHA256: e6a175592e81f75e6de2226109be10ee604209a5d0b1077e166f5fa9ec825b1a
SHA512: d499a35abcbf535632fee1b7682217254b02444f5ee0e08b8572488bc7d46f407ef0fca8ed2fe420b1a1866a968aa3b9cebbb178869d2444c7ba1d3648fa9bc6
SSDEEP: 12288:ZMrjy90EDjZtheR4nPBzIlDzB6MG0vkFZuJiysoE21:+yp313P4sYvssiysoJ
Static task: static1
Behavioral task: behavioral1
Sample: e6a175592e81f75e6de2226109be10ee604209a5d0b1077e166f5fa9ec825b1a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: e6a175592e81f75e6de2226109be10ee604209a5d0b1077e166f5fa9ec825b1a
Size: 530KB
MD5: fb4fb39d84538bb1ebc4842e1f3a05d5
SHA1: 95518b4916fd47c4d1c2cd71c100479efd66c719
SHA256: e6a175592e81f75e6de2226109be10ee604209a5d0b1077e166f5fa9ec825b1a
SHA512: d499a35abcbf535632fee1b7682217254b02444f5ee0e08b8572488bc7d46f407ef0fca8ed2fe420b1a1866a968aa3b9cebbb178869d2444c7ba1d3648fa9bc6
SSDEEP: 12288:ZMrjy90EDjZtheR4nPBzIlDzB6MG0vkFZuJiysoE21:+yp313P4sYvssiysoJ
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)