General
Target: 161d8cd3f6f30ed7eeb5db8ca2b4d3d5b0e19f721175e3dbf5c04ee1155626f8
Size: 1.2MB
Sample: 241110-bv61esyrgn
MD5: 65f47713a73156d69e3a5f3c6fdeab55
SHA1: ddddadb3ac1b1d49d9bd42ef3bc782536d5acd81
SHA256: 161d8cd3f6f30ed7eeb5db8ca2b4d3d5b0e19f721175e3dbf5c04ee1155626f8
SHA512: aa36ee2f52f8e17e938b9db662b05eb155f4ad405c30eedb9e1f83c87c9540ce8db06bdca08071628bb48fb23ce493df8c133d26819a0f58f5e94df80a040caa
SSDEEP: 24576:XybGVqieoRM9QatlZEefRs+8Ssc3z2Sl33eP50CnKR1oa:ibGkieoOdjXf+PZc3z2y3jV
Static task: static1
Behavioral task: behavioral1
Sample: 161d8cd3f6f30ed7eeb5db8ca2b4d3d5b0e19f721175e3dbf5c04ee1155626f8.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: masta
C2: 185.161.248.75:4132
auth_value: 57f23b6b74d0f680c5a0c8ac9f52bd75
Targets
Target: 161d8cd3f6f30ed7eeb5db8ca2b4d3d5b0e19f721175e3dbf5c04ee1155626f8 (1.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application (persistence via a ...\Software\Microsoft\Windows\CurrentVersion\Run value)
- Suspicious use of SetThreadContext (the API used to redirect a thread in another process; a common process-hollowing/RunPE indicator)
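The indicators above (the C2 endpoint from the extracted RedLine config, the file hashes, and the Run-key persistence behaviour) can be turned into a small host-telemetry matcher. The following is an added example and not part of the sandbox report: the IOC values are copied from the report, while the event schema (Sysmon-like `type`/`image`/`dst_ip`/`target` fields), the sample events, the image paths and the registry value name `Updater` are constructed assumptions for illustration.

```python
"""IOC matcher for the RedLine sample analysed above (added example, not report code).

The indicator values (C2 host/port, auth_value, file hashes) are taken from the
report. The event schema and SAMPLE_EVENTS are constructed assumptions that
resemble Sysmon-style telemetry; they are not data from the analysis.
"""
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report.
C2_HOST = "185.161.248.75"
C2_PORT = 4132
AUTH_VALUE = "57f23b6b74d0f680c5a0c8ac9f52bd75"
SAMPLE_HASHES = {
    "md5": "65f47713a73156d69e3a5f3c6fdeab55",
    "sha1": "ddddadb3ac1b1d49d9bd42ef3bc782536d5acd81",
    "sha256": "161d8cd3f6f30ed7eeb5db8ca2b4d3d5b0e19f721175e3dbf5c04ee1155626f8",
}

# Matches value writes under HKCU/HKLM ...\CurrentVersion\Run and RunOnce
# ("Adds Run key to start application").
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, for comparison against a file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(data: bytes) -> bool:
    """True if the bytes match the reported sample on any listed digest."""
    digests = hash_bytes(data)
    return any(digests[k] == v for k, v in SAMPLE_HASHES.items())


def match_event(event: dict) -> list:
    """Return findings for one event (assumed Sysmon-like schema)."""
    findings = []
    kind = event.get("type")
    if kind == "network":
        # Connection to the C2 from the extracted config.
        if event.get("dst_ip") == C2_HOST and int(event.get("dst_port", 0)) == C2_PORT:
            findings.append(Finding("redline_c2", f"{event.get('image')} -> {C2_HOST}:{C2_PORT}"))
    elif kind == "registry":
        # Run-key persistence.
        if event.get("operation") == "SetValue" and RUN_KEY_RE.search(event.get("target", "")):
            findings.append(Finding("run_key_persistence", event["target"]))
    elif kind == "process":
        # Execution of the known sample (or a dropped copy) by hash.
        seen = {k: v.lower() for k, v in event.get("hashes", {}).items()}
        if any(seen.get(k) == v for k, v in SAMPLE_HASHES.items()):
            findings.append(Finding("known_sample_executed", event.get("image", "")))
    return findings


def scan(events: list) -> list:
    out = []
    for e in events:
        out.extend(match_event(e))
    return out


# Constructed sample events (assumption; not from the report). Paths and the
# "Updater" value name are illustrative only.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "hashes": {"sha256": SAMPLE_HASHES["sha256"]}},
    {"type": "registry", "operation": "SetValue",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "network", "image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "dst_ip": "185.161.248.75", "dst_port": 4132},
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "93.184.216.34", "dst_port": 443},
    {"type": "registry", "operation": "SetValue",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule}: {f.detail}")
```

Only the three events that correspond to behaviours and indicators in the report fire; the benign HTTPS connection and the unrelated Explorer registry write do not. Matching on any one of the listed digests keeps the check useful when a log source records only MD5 or SHA1.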