General
- Target: e23e6faf505246e370596381f2eb6d7f35ea3dcefaa4960f8960c9e9e7e5239e
- Size: 1.0MB
- Sample: 241110-at8xysykep
- MD5: 0627c24a9040e5c3ede5a1904357b70e
- SHA1: bdd294c6ecba0fb6e95d2c42d302abfef52f7306
- SHA256: e23e6faf505246e370596381f2eb6d7f35ea3dcefaa4960f8960c9e9e7e5239e
- SHA512: 67075ce9142b6cd1dad82a877af560aa12a4e4ea00c76a776b04b38c16713dacb41f2fdaf8c9b47279e471822b26310701ebf0ab94f4a9bb70784cc7477c8f04
- SSDEEP: 24576:CyWiLUGQSxgWFUo1B4wWTrDID20MASeZd3qUpcRLs:pWiLUDWFDzuaZRLP2
Static task: static1
Behavioral task: behavioral1
- Sample: e23e6faf505246e370596381f2eb6d7f35ea3dcefaa4960f8960c9e9e7e5239e.exe
- Resource: win10v2004-20241007-en
Malware Config (Extracted)
- Family: redline
- Botnet: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)