General
-
Target
56f91ebf6709430833d53a61844923d69aa957b8f09cca544ccb28fb2c3dccb4
-
Size
821KB
-
Sample
241110-bpkv1avrcy
-
MD5
dd8421502b4f001f8117bbd26b91de2a
-
SHA1
6a5db840a9759ea3c1a59ddfc47fc6098ef021be
-
SHA256
56f91ebf6709430833d53a61844923d69aa957b8f09cca544ccb28fb2c3dccb4
-
SHA512
e8665e126b1df53e50d21249023aa62ff37b5053ad30600dbfca7f01070bead4dd6f812118ca0c6f99aabdc23596cb8b8fa6584b43e70531289aec7a6f6badd5
-
SSDEEP
12288:PMrqy908q/hj54pM7hmH1lHM/Z4Avf7Q+wyCEk1pG1AinfcMdvGPTBDPjz2:VyJq/NCEhiM/6Py63SbfcS8TBbjz2
Static task
static1
Behavioral task
behavioral1
Sample
56f91ebf6709430833d53a61844923d69aa957b8f09cca544ccb28fb2c3dccb4.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Targets
-
-
Target
56f91ebf6709430833d53a61844923d69aa957b8f09cca544ccb28fb2c3dccb4
-
Size
821KB
-
MD5
dd8421502b4f001f8117bbd26b91de2a
-
SHA1
6a5db840a9759ea3c1a59ddfc47fc6098ef021be
-
SHA256
56f91ebf6709430833d53a61844923d69aa957b8f09cca544ccb28fb2c3dccb4
-
SHA512
e8665e126b1df53e50d21249023aa62ff37b5053ad30600dbfca7f01070bead4dd6f812118ca0c6f99aabdc23596cb8b8fa6584b43e70531289aec7a6f6badd5
-
SSDEEP
12288:PMrqy908q/hj54pM7hmH1lHM/Z4Avf7Q+wyCEk1pG1AinfcMdvGPTBDPjz2:VyJq/NCEhiM/6Py63SbfcS8TBbjz2
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1