General
Target: 468427dd7bd78910e0b511e07a58c9e53897560ebd553ff3bb8330e9a6cfc95e
Size: 1.1MB
Sample: 241110-b7agzswlfy
MD5: cb9940bf4bb63172289a65b954a5b487
SHA1: 43cc0fa3a63ec8adf0d9662185729ee7e5a0cadb
SHA256: 468427dd7bd78910e0b511e07a58c9e53897560ebd553ff3bb8330e9a6cfc95e
SHA512: 554bc60218001c7f9e51e88ca0ea658ad328ceede4cdb4f5869decdf38ceb551b25362cc118d71b2bb300cbd609bead922cc7dc2cb37dda608bccc9069453104
SSDEEP: 24576:tyh3mA4B8wcTO9PfU31KzHRfNf+YouCUtvB+Z0:Ih3m1cO9nU3AHb2tUpg
Static task: static1
Behavioral task: behavioral1
Sample: 468427dd7bd78910e0b511e07a58c9e53897560ebd553ff3bb8330e9a6cfc95e.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
  lada
  185.161.248.90:4125
  auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted: redline
  diza
  185.161.248.90:4125
  auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
  Create or Modify System Process: Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
  Create or Modify System Process: Windows Service (1)