General

Target: 3f0c513879a2305ff78a4cac3b77d39790d007a418452115485b258894a94a3e
Size: 1.3MB
Sample: 241110-bvjvwswgqh
MD5: cfdb853d39290853fc5e1d519117ba57
SHA1: 7a27f02fa637fde74e451007e31c5119b0fff854
SHA256: 3f0c513879a2305ff78a4cac3b77d39790d007a418452115485b258894a94a3e
SHA512: 75526f6cd15155622e9fa4863cfe77deb3765f3207d72108f7fba2a44a0b12ce37eaf224607ec04d6574fb42f3c5c4b8df8ed6cbc610ef7da16d596f876c7618
SSDEEP: 24576:1yL3+dueA7n2+HWZJCV48YC0dcIZtBUdMyYwvkMp7k:Qz+NK/2ZJCVFGdzZtq3YGko7
Static task: static1
Behavioral task: behavioral1
Sample: 3f0c513879a2305ff78a4cac3b77d39790d007a418452115485b258894a94a3e.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: ronur
C2: 193.233.20.20:4134
Attributes:
  auth_value: f88f86755a528d4b25f6f3628c460965
Targets

Target: 3f0c513879a2305ff78a4cac3b77d39790d007a418452115485b258894a94a3e
Size: 1.3MB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
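The report gives three things a responder can act on: the file digests (General), the RedLine C2 endpoint (Malware Config) and the two persistence techniques (Run key and Windows service, ATT&CK). The script below is an added example, not part of the sandbox report, that turns those into an offline triage check over Sysmon-style event records. Only the digests, the IP:port and the technique IDs come from the report; the event records, file paths, the registry value name "Updater", the service name "WinUpdSvc" and the benign addresses are constructed for the example, and the field names (EventID, Image, TargetObject, Details, DestinationIp, DestinationPort) follow Sysmon's naming.

```python
"""Offline triage of Sysmon-style events and file digests against the
indicators in this report.

Added example, not part of the sandbox report. Only the C2 endpoint, the
file digests and the two ATT&CK persistence techniques come from the
report; the event records, paths and names below are constructed.
"""
import hashlib
import re
from dataclasses import dataclass

# File digests as listed in the report's General section.
REPORT_DIGESTS = {
    "md5": "cfdb853d39290853fc5e1d519117ba57",
    "sha1": "7a27f02fa637fde74e451007e31c5119b0fff854",
    "sha256": "3f0c513879a2305ff78a4cac3b77d39790d007a418452115485b258894a94a3e",
}

# C2 endpoint from the extracted RedLine config.
C2_ENDPOINTS = {("193.233.20.20", 4134)}

# T1547.001: a value written under a Run/RunOnce key. The value name is
# attacker-chosen, so only the key path is matched (case-insensitive).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)

# T1543.003: ImagePath written under a service key (new or modified service).
SERVICE_KEY_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE)


def digests(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def matches_report(data: bytes) -> bool:
    """True if any digest of `data` equals the report's digest for that algorithm."""
    computed = digests(data)
    return any(computed[name] == value for name, value in REPORT_DIGESTS.items())


@dataclass
class Finding:
    event_index: int
    technique: str
    detail: str


def triage(events):
    """Walk Sysmon-style event dicts and return a Finding per indicator hit."""
    findings = []
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 3:  # Sysmon: network connection
            dst = (ev.get("DestinationIp"), ev.get("DestinationPort"))
            if dst in C2_ENDPOINTS:
                findings.append(Finding(i, "RedLine C2", f"{ev['Image']} -> {dst[0]}:{dst[1]}"))
        elif eid == 13:  # Sysmon: registry value set
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                findings.append(Finding(i, "T1547.001 Registry Run Keys", f"{target} = {ev.get('Details')}"))
            elif SERVICE_KEY_RE.search(target):
                findings.append(Finding(i, "T1543.003 Windows Service", f"{target} = {ev.get('Details')}"))
    return findings


# Constructed events (not from the report). Paths and names are assumptions;
# 203.0.113.10 is a documentation-range address standing in for benign traffic.
SAMPLE_PATH = r"C:\Users\user\Downloads\3f0c513879a2305ff78a4cac3b77d39790d007a418452115485b258894a94a3e.exe"
DROPPED = r"C:\Users\user\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_PATH},
    {"EventID": 13, "Image": DROPPED, "Details": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 3, "Image": DROPPED, "DestinationIp": "193.233.20.20", "DestinationPort": 4134},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe", "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe", "Details": DROPPED,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\WinUpdSvc\ImagePath"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"event {f.event_index}: {f.technique}: {f.detail}")
```

Run as-is it reports three hits (the Run key write, the connection to 193.233.20.20:4134 and the service ImagePath write) and stays silent on the process-create, the browser connection and the Explorer setting. Matching the Run key on the key path rather than the value name is deliberate: the report says only that a Run key is added, not what it is called, and the same holds for the service name. `matches_report` compares every algorithm the report lists, so a hit on any one of them is enough to flag a file, while `digests` on its own is what you would run over a suspect directory before consulting the report.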