General
- Target: 0ece66e785f8a335553d681563dc2cff6e17126fcd2609bb72a8d5a2cb3f79c1
- Size: 562KB
- Sample: 241110-btd81syrdp
- MD5: 6461965a4cf476078b1f0e645b08df10
- SHA1: ed665d9d0b4d9175ae88d321788ca5424e5f2d24
- SHA256: 0ece66e785f8a335553d681563dc2cff6e17126fcd2609bb72a8d5a2cb3f79c1
- SHA512: 3f816ccfe324da4a28e7079e9081143cc17336b55a2fa63ca30ccc865be46c57c7a311d0f7ba2d0543ab21924d1147a6c98b3525c0f219565f5e02919d7eefde
- SSDEEP: 12288:RMr+y90H2D56be7jyeAM1HE9OoFYi/bS83T7SsTlDs2B:byf6yPLHToFYq/Ttae
Static task: static1
Behavioral task: behavioral1
- Sample: 0ece66e785f8a335553d681563dc2cff6e17126fcd2609bb72a8d5a2cb3f79c1.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: fud
- C2: 193.233.20.27:4123
- auth_value: cddc991efd6918ad5321d80dac884b40
Targets
- Target: 0ece66e785f8a335553d681563dc2cff6e17126fcd2609bb72a8d5a2cb3f79c1
- Size: 562KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
  - Windows Service: 1