General
- Target: 224d8a02f5f56cb06523399c067b603734af82b8e35f39a760ceb75c05532d12
- Size: 489KB
- Sample: 241110-a6sfqswcmc
- MD5: f3cd9829333a3ba2fac730636df6b3d6
- SHA1: 8b110975e4cb48e30f4b7c1ab6f0e716b35ac221
- SHA256: 224d8a02f5f56cb06523399c067b603734af82b8e35f39a760ceb75c05532d12
- SHA512: 89943f9336fdbce0f490fc352349550a6ec9735c5fd1a754a12eb6fd4412caac644c8841c718b48b50d6310fb9c7361a286e0460307c585a9d0ad700c7668401
- SSDEEP: 12288:FMrIy90Vnqk0/pUR6hO2K+WgFcerp2/jVqBbn64YRuT:NyK8eCNY7Vy6PUT
Static task: static1
Behavioral task: behavioral1
Sample: 224d8a02f5f56cb06523399c067b603734af82b8e35f39a760ceb75c05532d12.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- lulsa
- 217.196.96.101:4132
- auth_value: 2bb8e3870ce0ad119d2840b124222121
Targets
- Target: 224d8a02f5f56cb06523399c067b603734af82b8e35f39a760ceb75c05532d12
- Size: 489KB
- MD5: f3cd9829333a3ba2fac730636df6b3d6
- SHA1: 8b110975e4cb48e30f4b7c1ab6f0e716b35ac221
- SHA256: 224d8a02f5f56cb06523399c067b603734af82b8e35f39a760ceb75c05532d12
- SHA512: 89943f9336fdbce0f490fc352349550a6ec9735c5fd1a754a12eb6fd4412caac644c8841c718b48b50d6310fb9c7361a286e0460307c585a9d0ad700c7668401
- SSDEEP: 12288:FMrIy90Vnqk0/pUR6hO2K+WgFcerp2/jVqBbn64YRuT:NyK8eCNY7Vy6PUT
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)