General
Target: cdfccb9c6cba33029d7bf898e82943a7156cf3652f564adf39095b138f09578e
Size: 1.2MB
Sample: 241109-xvhhqasrdm
MD5: ac1510466e6364b9728c1c72e8b7e224
SHA1: f0b6cdd5ef1efd204c866ce3f331f59579e49a2d
SHA256: cdfccb9c6cba33029d7bf898e82943a7156cf3652f564adf39095b138f09578e
SHA512: 5f2786314aec8e8998af356cdca981ead39b2d8411274a8dfe1ca1da78c157e03df96ac451427fba18e969aac6e1c84cdca802219f1d97d01ffa59ce96b3b796
SSDEEP: 24576:W9h9DPt4hMaYTFBwZRvrtKJk5vZssiYQbrAfUPR:W/9D14dYTP85rtZ5TT4Af
Static task: static1
Behavioral task: behavioral1
  Sample: cdfccb9c6cba33029d7bf898e82943a7156cf3652f564adf39095b138f09578e.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: cdfccb9c6cba33029d7bf898e82943a7156cf3652f564adf39095b138f09578e.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
Target: cdfccb9c6cba33029d7bf898e82943a7156cf3652f564adf39095b138f09578e (1.2MB; hashes as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)