General
- Target: 016b5d4bc89a5ed469aef875c8d0f776e91ea0148983ef01b1e761c5e7e58933
- Size: 689KB
- Sample: 241109-zavcws1hmj
- MD5: 5f25884763f171fd222a6dd539c1d057
- SHA1: 4ad4451b63bc8aa8ed25e76a1b1fa177c8eba100
- SHA256: 016b5d4bc89a5ed469aef875c8d0f776e91ea0148983ef01b1e761c5e7e58933
- SHA512: a9cc596fe53e8b98d8fa77cc80d03be7ff0e397b4567b59a5fac6f89af6fde466f1bd668a91c5d9c16ce721e37ad981f26cdf0dca834aefa5651e247e0275dfb
- SSDEEP: 12288:MMr0y90tuB2bs9jn38eVrB+iOH3vyCWNMlf3ny9lKQaAx1i0ZgddBWnYQ1NQ:QyH2Q9rtVrBS/N8MVe0QaAxJZUdYYES
Static task: static1
Behavioral task: behavioral1
- Sample: 016b5d4bc89a5ed469aef875c8d0f776e91ea0148983ef01b1e761c5e7e58933.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: boris
- C2: 193.233.20.32:4125
- auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
- Target: 016b5d4bc89a5ed469aef875c8d0f776e91ea0148983ef01b1e761c5e7e58933
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)