General
Target: 6ceb455df5665f75565bb10872bd5181314d135c8928df63ad5c9e83769f9c24
Size: 530KB
Sample: 241110-b3bjgszkdl
MD5: 5a3d0fff06b5ef9ae2813c537eefe215
SHA1: 083593db18db69a502a651e6d3c5c5523ffccbeb
SHA256: 6ceb455df5665f75565bb10872bd5181314d135c8928df63ad5c9e83769f9c24
SHA512: 8614dd98ed867c62fd86cabd8e11ef83b121f31cad6dd5e436adb850b0f2a57796dc5858332d877ca25b28116ffd84789771b4d5a7ae3641fd2b8a1395821303
SSDEEP: 12288:xMr8y90aib99mP7Jf7zmrXWKjDomqFcwe48GEKpCPIrq75qpttJT:5y4h9+JPAX93omcBi5VItJT
Static task: static1
Behavioral task: behavioral1
Sample: 6ceb455df5665f75565bb10872bd5181314d135c8928df63ad5c9e83769f9c24.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: 6ceb455df5665f75565bb10872bd5181314d135c8928df63ad5c9e83769f9c24
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)