General
- Target: c47b469955aaeb191d743a2f2a65ecef8f09b598e87724f84ac9faad7a7e4321
- Size: 537KB
- Sample: 241110-btfrvawfkm
- MD5: fbac6d328aeb1b270ad8c4d99dc1fbfb
- SHA1: 68155d8c80feaa30df1aad7aa71b0e96e3a38923
- SHA256: c47b469955aaeb191d743a2f2a65ecef8f09b598e87724f84ac9faad7a7e4321
- SHA512: 22a06a661cb8e37d5fa5d832fadc8ff489811e952f52ca380c7da177534fe9fb12e203b440a71bec2971fb17f9c1e7c87d8c7f7362636ffa765c0888b75cc847
- SSDEEP: 12288:ZMrZy90ys90F7C1JXbm99d9EswyzQ9JRI+/16LIxhoyelpmMwHN:oybsWF+TbcesBIQ+hGlYHN
- Static task: static1
- Behavioral task: behavioral1
- Sample: c47b469955aaeb191d743a2f2a65ecef8f09b598e87724f84ac9faad7a7e4321.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
- Target: c47b469955aaeb191d743a2f2a65ecef8f09b598e87724f84ac9faad7a7e4321
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)