General
Target: 6b7f7877cc399ea36698515ca02140ae232d92051dd4288e02ff9bf38853b514
Size: 1.4MB
Sample: 241109-y6j2cstrdl
MD5: fb63e88c2882b510fd10ead70fc3b0e7
SHA1: a845d1495f1a174163c0261723d93a7ff7505dcf
SHA256: 6b7f7877cc399ea36698515ca02140ae232d92051dd4288e02ff9bf38853b514
SHA512: a9356a3978c031effad99d63d975a9e7faaee07487906ac09a02bd7172506c243d77e0b53faa79dc3fcf9787cb7016f8d758c57a2736a206e6ac70987dfc62b3
SSDEEP: 24576:Ly7b0rK22Q+o1iWFM0s5EqTov0qn+3pVJYP2IDiP6OzhyhLdxxHEw31/T2x/Op9:+7b0m22Lob2g0I+33+DiP60yh5xxHEwF
Static task: static1
Behavioral task: behavioral1
Sample: 6b7f7877cc399ea36698515ca02140ae232d92051dd4288e02ff9bf38853b514.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
mask
217.196.96.56:4138
auth_value: 31aef25be0febb8e491794ef7f502c50
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)