General

Target: 0397e141693b5369846bd05cc07e548972c63af191041ee38afd6293e25187c4
Size: 545KB
Sample: 241110-bqqsmsvrez
MD5: 075d5b32d7cbae22fec177530c0e6848
SHA1: aca0b9b2073e16c240058504fd7519fceebdb982
SHA256: 0397e141693b5369846bd05cc07e548972c63af191041ee38afd6293e25187c4
SHA512: 9a848026e9b016888ba381c716b0c54290ccdc224f376287cfa60f1def2c37b891fb6fcf4d40163fe85b8f486051e8c6b542fce656e4c822ea7027c6895def0c
SSDEEP: 12288:yMrHy90hNfIoKJfX78pZaLHEcX5SDFWEnrycN7VTpS2W:xyANf7IX78faLHEcJqFWEnr55NpHW

Static task: static1
Behavioral task: behavioral1
Sample: 0397e141693b5369846bd05cc07e548972c63af191041ee38afd6293e25187c4.exe
Resource: win10v2004-20241007-en

Malware Config (extracted)

Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
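The extracted config gives one concrete network indicator, the C2 endpoint 193.233.20.31:4125, which is the most immediately actionable item on this page. Below is an added example (not part of the sandbox report, and not RedLine's own code) that turns that indicator into detection logic: it parses a small set of constructed connection-log lines, flags TCP connections to the exact ip:port as high confidence and any other traffic to the same host as medium confidence, and emits a Suricata rule for the endpoint. The log format, the sample lines, the confidence split and the rule SID are assumptions made for the example; only the IP, port and family name come from the report.

```python
import ipaddress
from dataclasses import dataclass

# Indicators taken from the extracted RedLine config above.
C2_HOST = "193.233.20.31"
C2_PORT = 4125

# Constructed connection-log lines for the example (not captured traffic).
# Layout assumed here: timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_CONN_LOG = """\
2024-11-10T09:12:01Z 10.0.0.15 51432 193.233.20.31 4125 tcp
2024-11-10T09:12:03Z 10.0.0.15 51433 142.250.74.46 443 tcp
2024-11-10T09:12:09Z 10.0.0.22 60110 193.233.20.31 80 tcp
2024-11-10T09:12:10Z 10.0.0.22 60111 193.233.20.31 4125 udp
this line is malformed and must be skipped, not crash the parser
"""


@dataclass
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    confidence: str  # "high" or "medium"


def parse_conn_line(line):
    """Parse one log line into a dict, or return None if it is not a valid record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, sport, dst, dport, proto = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        sport = int(sport)
        dport = int(dport)
    except ValueError:
        return None
    return {"ts": ts, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "proto": proto.lower()}


def find_c2_hits(log_text):
    """Return every connection to the C2 host, ranked by how exactly it matches the IOC.

    Assumption for this example: the configured ip:port is contacted over TCP, so a
    TCP flow to that exact port is "high"; any other flow to the same host (other
    port, or a different protocol) is "medium" and still worth an analyst's review.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_conn_line(line)
        if rec is None or rec["dst"] != C2_HOST:
            continue
        exact = rec["dport"] == C2_PORT and rec["proto"] == "tcp"
        hits.append(Hit(rec["ts"], rec["src"], rec["dst"], rec["dport"],
                        rec["proto"], "high" if exact else "medium"))
    return hits


def suricata_rule(sid=9000001):
    """Build a Suricata/Snort-style alert rule for the exact C2 endpoint (SID is assumed)."""
    return (f'alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} '
            f'(msg:"RedLine C2 {C2_HOST}:{C2_PORT}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for h in find_c2_hits(SAMPLE_CONN_LOG):
        print(f"{h.confidence:6} {h.ts} {h.src} -> {h.dst}:{h.dport}/{h.proto}")
    print(suricata_rule())
```

Host-only matches are deliberately kept as medium rather than dropped: a single C2 address may serve other ports over the life of a campaign, and the sandbox run only shows the port present in this sample's config.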
Targets

Target: 0397e141693b5369846bd05cc07e548972c63af191041ee38afd6293e25187c4 (545KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)