General
-
Target
30352721996097fcfb7888879a6508ca5edb32fee2287e37616cb4d260258d0b
-
Size
482KB
-
Sample
241110-avtjnaware
-
MD5
f746cfab0d621936ae113df2cb658d29
-
SHA1
33ae624a6cc64756464b82ae162d94e4bd6179e4
-
SHA256
30352721996097fcfb7888879a6508ca5edb32fee2287e37616cb4d260258d0b
-
SHA512
c96beea62bd775723d329b915a2ee3313af53f31910a32ffbe4c38f127e6693f927c38f0e9fa72dc879bf12561a4c22c3bc3c1cab36a254acb917168df0a03bc
-
SSDEEP
12288:UMr2y90lXVFbpX8IuSQHXENDjjz6eiF3Dg:yyUVppX8THXENDXPG3Dg
Static task
static1
Behavioral task
behavioral1
Sample
30352721996097fcfb7888879a6508ca5edb32fee2287e37616cb4d260258d0b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
fusa
193.233.20.12:4132
-
auth_value
a08b2f01bd2af756e38c5dd60e87e697
Targets
-
-
Target
30352721996097fcfb7888879a6508ca5edb32fee2287e37616cb4d260258d0b
-
Size
482KB
-
MD5
f746cfab0d621936ae113df2cb658d29
-
SHA1
33ae624a6cc64756464b82ae162d94e4bd6179e4
-
SHA256
30352721996097fcfb7888879a6508ca5edb32fee2287e37616cb4d260258d0b
-
SHA512
c96beea62bd775723d329b915a2ee3313af53f31910a32ffbe4c38f127e6693f927c38f0e9fa72dc879bf12561a4c22c3bc3c1cab36a254acb917168df0a03bc
-
SSDEEP
12288:UMr2y90lXVFbpX8IuSQHXENDjjz6eiF3Dg:yyUVppX8THXENDXPG3Dg
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1