General

Target:  902bedc5fd027a0f3c97d9b617dc91b652689d2f21e75f8998463ee8fb6bc5ff
Size:    530KB
Sample:  241110-aq2z8swalf
MD5:     8d70a50b1ff0649ab56529755b111bea
SHA1:    dd703dbf191395002ee947c7212466c1241738eb
SHA256:  902bedc5fd027a0f3c97d9b617dc91b652689d2f21e75f8998463ee8fb6bc5ff
SHA512:  d2d5f817d34836d9489a2dcceab32ea68f9f976b345485cca9f5e1006a4c92db61611d1f2a16757c7ba8aa5ae17cef6cd6a3ecb5f41d5d21327d966a827972e7
SSDEEP:  12288:rMr5y90mIME/w6AdwrQNtf7vCRiIPtDlwDfXbw:KyEZo6ARsRDlwDfrw
Static task:      static1
Behavioral task:  behavioral1
  Sample:    902bedc5fd027a0f3c97d9b617dc91b652689d2f21e75f8998463ee8fb6bc5ff.exe
  Resource:  win10v2004-20241007-en
Malware Config

Extracted
Family:      redline
Botnet:      fud
C2:          193.233.20.27:4123
auth_value:  cddc991efd6918ad5321d80dac884b40
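The hashes and C2 address above are the indicators a responder takes from this report. The script below is an added example (not sandbox output) that hunts for them in two constructed inputs: a host,path,sha256 inventory and a Zeek-style conn.log. It assumes only the first seven conn.log columns and treats a TCP connection to 193.233.20.27:4123 as a confident hit, while a connection to the same IP on another port is reported separately so it can be reviewed rather than auto-blocked.

```python
"""Hunt for this report's indicators in an endpoint hash inventory and a Zeek-style
conn.log. Added example, not sandbox output; the inventory rows and conn.log rows
below are constructed."""
import hashlib

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "8d70a50b1ff0649ab56529755b111bea",
    "sha1": "dd703dbf191395002ee947c7212466c1241738eb",
    "sha256": "902bedc5fd027a0f3c97d9b617dc91b652689d2f21e75f8998463ee8fb6bc5ff",
}
C2_IP, C2_PORT = "193.233.20.27", 4123


def hashes_of(data: bytes) -> dict:
    """Digest a file's bytes with the algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_hits(observed: dict) -> list:
    """Names of the digests in `observed` that equal the report's values (case-insensitive)."""
    return sorted(k for k, v in observed.items()
                  if k in IOC_HASHES and v.lower() == IOC_HASHES[k])


def scan_inventory(rows) -> list:
    """Match 'host,path,sha256' rows (constructed format) against the SHA256 IOC."""
    hits = []
    for row in rows:
        row = row.strip()
        if not row or row.startswith("host,"):
            continue                      # blank or header row
        host, path, sha256 = row.split(",", 2)
        if hash_hits({"sha256": sha256}):
            hits.append((host, path))
    return hits


def scan_conn_log(rows) -> list:
    """Flag connections to the RedLine C2 in Zeek conn.log rows.

    Assumes the first seven tab-separated conn.log fields: ts, uid, id.orig_h,
    id.orig_p, id.resp_h, id.resp_p, proto; '#' lines are Zeek headers. TCP to
    the C2 IP on the configured port is a confident hit; the same IP on another
    port is reported separately, since the host may be shared infrastructure."""
    hits = []
    for row in rows:
        if not row.strip() or row.startswith("#"):
            continue
        fields = row.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h != C2_IP:
            continue
        exact = proto == "tcp" and resp_p.isdigit() and int(resp_p) == C2_PORT
        hits.append({"uid": uid, "src": orig_h, "dst": f"{resp_h}:{resp_p}",
                     "verdict": "c2_match" if exact else "c2_ip_other_port"})
    return hits


# Constructed sample inputs (hosts, paths and timestamps are invented).
SAMPLE_INVENTORY = [
    "host,path,sha256",
    r"ws-17,C:\Users\user\Downloads\invoice.exe," + IOC_HASHES["sha256"].upper(),
    r"ws-20,C:\Windows\notepad.exe," + hashes_of(b"constructed benign file")["sha256"],
]
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "\t".join(["1731226800.123", "CAbc1", "10.0.0.15", "49812", C2_IP, "4123", "tcp"]),
    "\t".join(["1731226801.456", "CAbc2", "10.0.0.22", "51044", C2_IP, "443", "tcp"]),
    "\t".join(["1731226802.789", "CAbc3", "10.0.0.15", "49813", "142.250.74.78", "443", "tcp"]),
    "\t".join(["1731226803.001", "CAbc4", "10.0.0.9", "50000", "8.8.8.8", "4123", "udp"]),
]

if __name__ == "__main__":
    print(scan_inventory(SAMPLE_INVENTORY))
    for hit in scan_conn_log(SAMPLE_CONN_LOG):
        print(hit)
```

The inventory match is deliberately case-insensitive because EDR exports and sandbox reports do not agree on hex case; the conn.log check keys on the responder side only, since the source port is ephemeral.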
Targets

Target:  902bedc5fd027a0f3c97d9b617dc91b652689d2f21e75f8998463ee8fb6bc5ff
Size:    530KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are the same as listed under General above.)

Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547), 1 hit
  - Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543), 1 hit
  - Windows Service (T1543.003), 1 hit
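The "Executes dropped EXE" and "Adds Run key to start application" signatures, and the two Persistence techniques mapped above, are the behaviours a host-based detection would need to reproduce outside the sandbox. The script below is an added example (not sandbox output) that walks Sysmon events and emits the same signature names and technique IDs. The events are constructed, the paths (a desktop copy of the sample, a payload written to %TEMP%) are invented, and it assumes a Sysmon configuration that records FileCreate (EventID 11), ProcessCreate (EventID 1) and registry SetValue (EventID 13) for Run keys and service ImagePath values.

```python
"""Map Sysmon events to the behavioural signatures and ATT&CK techniques this
report lists. Added example, not sandbox output; the events below are constructed
and stand in for the EventData fields Sysmon writes."""
import re
from collections import Counter

# Autostart locations behind the two Persistence techniques in the report.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\", re.I)
SERVICE_IMAGE_RE = re.compile(r"\\currentcontrolset\\services\\[^\\]+\\imagepath$", re.I)


def triage(events) -> list:
    """Walk Sysmon events in order and emit findings.

    Assumes a Sysmon config that records FileCreate (EventID 11), ProcessCreate
    (EventID 1) and registry SetValue (EventID 13) for the keys checked here."""
    dropped = set()            # lower-cased paths of executables written during the trace
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11 and ev.get("TargetFilename", "").lower().endswith(".exe"):
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev.get("Image", "").lower() in dropped:
            findings.append({"signature": "Executes dropped EXE", "technique": None,
                             "detail": ev["Image"], "points_to_dropped": True})
        elif eid == 13 and ev.get("EventType") == "SetValue":
            target, details = ev.get("TargetObject", ""), ev.get("Details", "")
            if RUN_KEY_RE.search(target):
                sig, tid = "Adds Run key to start application", "T1547.001"
            elif SERVICE_IMAGE_RE.search(target):
                sig, tid = "Windows Service", "T1543.003"
            else:
                continue               # other registry writes are not autostart locations
            findings.append({"signature": sig, "technique": tid,
                             "detail": f"{target} = {details}",
                             # persistence that launches a file the trace itself wrote
                             "points_to_dropped": any(p in details.lower() for p in dropped)})
    return findings


def attack_summary(findings) -> dict:
    """Per-technique hit counts, in the shape of the report's ATT&CK section."""
    return dict(Counter(f["technique"] for f in findings if f["technique"]))


# Constructed events (hypothetical paths; only the sample's file name is from the report).
SAMPLE_PATH = r"C:\Users\user\Desktop\902bedc5fd027a0f3c97d9b617dc91b652689d2f21e75f8998463ee8fb6bc5ff.exe"
DROPPED = r"C:\Users\user\AppData\Local\Temp\payload.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_PATH, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": SAMPLE_PATH, "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": SAMPLE_PATH},
    {"EventID": 13, "EventType": "SetValue", "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-111-222-333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": DROPPED},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\UpdaterSvc\ImagePath",
     "Details": DROPPED},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\UpdaterSvc\Start",
     "Details": "DWORD (0x00000002)"},
]

if __name__ == "__main__":
    results = triage(SAMPLE_EVENTS)
    for f in results:
        print(f["technique"], f["signature"], f["detail"])
    print(attack_summary(results))
```

Ordering matters: the dropped-file set is built as events arrive, so a ProcessCreate is only tied to "Executes dropped EXE" if the FileCreate for that path was seen earlier in the same trace, and the points_to_dropped flag separates persistence that launches the trace's own artefacts from a legitimate installer registering its service.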