General
Target: f66e01543c444379d7d1e1e9ebb08917433ea5bd1abe7e7bb9341a7e2fac37ad
Size: 687KB
Sample: 241110-byjpaszjcp
MD5: 58b902d701362396602ee2ab59f924de
SHA1: d8850d3cf228cf75f4eb4f36cf116e3a12738510
SHA256: f66e01543c444379d7d1e1e9ebb08917433ea5bd1abe7e7bb9341a7e2fac37ad
SHA512: de4f026a9b57db5528d68096f39d15874e308bf8e742790f148dc02574a48b4bea374676881645e4bf406e8a68e611acf176d5fe46ea0e32a602269318fef9d9
SSDEEP: 12288:QMr0y908nbtcpKTe86HgQIXfNILcs3DpsIwftlM6EyMKK96muSKJkoaD:0ynuITigQMGcs3dtwfH7b8//KJ5g
Static task: static1
Behavioral task: behavioral1
Sample: f66e01543c444379d7d1e1e9ebb08917433ea5bd1abe7e7bb9341a7e2fac37ad.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
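The extracted configuration together with the file digests above is the complete indicator set for this sample. The script below is an added example written for this page, not code from the sandbox or from any tool the report names: it embeds the report's four digests and the C2 endpoint, verifies whether a file on disk is the analysed sample (every digest must agree), and sweeps connection log lines for internal hosts that reached the C2. The log lines are constructed in a made-up key=value syslog style, not sandbox output, and the helper names (hash_bytes, verify_digests, hosts_contacting_c2) are this example's own.

```python
"""IOC matcher built from the sandbox report above (added example, not report code)."""
import hashlib
import re

# Indicators copied from the report. auth_value is the per-build token RedLine
# presents to its C2; it is kept here so the indicator set is complete.
REPORT_HASHES = {
    "md5": "58b902d701362396602ee2ab59f924de",
    "sha1": "d8850d3cf228cf75f4eb4f36cf116e3a12738510",
    "sha256": "f66e01543c444379d7d1e1e9ebb08917433ea5bd1abe7e7bb9341a7e2fac37ad",
    "sha512": "de4f026a9b57db5528d68096f39d15874e308bf8e742790f148dc02574a48b4be"
              "a374676881645e4bf406e8a68e611acf176d5fe46ea0e32a602269318fef9d9",
}
C2_HOST = "193.233.20.32"
C2_PORT = 4125
AUTH_VALUE = "766b5bdf6dbefcf7ca223351952fc38f"


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Stream a file through all four hashers in a single read pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_digests(digests: dict) -> bool:
    """True only if every listed algorithm matches; one disagreement means it is not this sample."""
    return all(digests.get(name) == value for name, value in REPORT_HASHES.items())


def is_report_sample(path: str) -> bool:
    return verify_digests(hash_file(path))


# Constructed firewall lines (not from the report). The last line reaches the C2 host on a
# different port, which exact-endpoint matching deliberately ignores.
SAMPLE_LOG = """\
2024-11-10T12:01:03Z fw src=10.0.0.15:51122 dst=193.233.20.32:4125 proto=tcp action=allow
2024-11-10T12:01:05Z fw src=10.0.0.15:51123 dst=142.250.74.78:443 proto=tcp action=allow
2024-11-10T12:02:17Z fw src=10.0.0.22:49811 dst=193.233.20.32:4125 proto=tcp action=allow
2024-11-10T12:03:00Z fw src=10.0.0.31:51130 dst=193.233.20.32:80 proto=tcp action=deny
"""

# Capture the full addresses and compare them for equality rather than substring-searching
# the line, so 193.233.20.32 cannot match inside 1193.233.20.32 or 193.233.20.321.
_CONN_RE = re.compile(
    r"src=(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+\s+"
    r"dst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\b"
)


def hosts_contacting_c2(lines, match_port: bool = True) -> set:
    """Return the internal source hosts that reached the C2.

    match_port=True  -> only connections to 193.233.20.32:4125 (high confidence)
    match_port=False -> any connection to 193.233.20.32 (wider net, e.g. a rotated port)
    """
    hits = set()
    for line in lines:
        m = _CONN_RE.search(line)
        if not m or m.group("dst") != C2_HOST:
            continue
        if match_port and int(m.group("dport")) != C2_PORT:
            continue
        hits.add(m.group("src"))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, "matches report" if is_report_sample(path) else "does NOT match report")
    lines = SAMPLE_LOG.splitlines()
    print("hosts that contacted C2 endpoint:", sorted(hosts_contacting_c2(lines)))
    print("hosts that contacted C2 host on any port:",
          sorted(hosts_contacting_c2(lines, match_port=False)))
```

Run it with one or more file paths as arguments to check them against the report; the log sweep runs over the constructed lines regardless. Matching on the exact endpoint keeps the result high-confidence, while the any-port mode is the one to use when hunting for a rotated C2 port on the same host.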
Targets
Target: f66e01543c444379d7d1e1e9ebb08917433ea5bd1abe7e7bb9341a7e2fac37ad
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
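The "Adds Run key to start application" signature and its T1547.001 mapping above describe the persistence this sample sets up. The script below is an added example for this page, not code from the sandbox or from Sysmon: it applies that detection logic to Sysmon Event ID 13 (RegistryEvent, Value Set) records represented as plain dicts using Sysmon's field names. The events themselves, the SID, the dropped file name and the "user-writable launch path" heuristic are all constructed for the example and are not taken from the report.

```python
"""Run-key persistence detector over Sysmon Event ID 13 records (added example)."""
import re

# A value written directly under ...\CurrentVersion\Run or \RunOnce in any hive
# (HKLM\SOFTWARE, HKU\<SID>\Software, WOW6432Node). Requiring "Run(Once)?\" followed by a
# single value name excludes siblings such as ...\Explorer\RunMRU and ...\RunServices.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE
)

# Heuristic for this example: a Run value launching something from a user-writable
# location is the trace a dropper leaves; signed software installs under Program Files.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed

# Constructed records (not from the report's sandbox run). Only EventID 13 is examined.
SYSMON_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\Downloads\sample.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
     "Details": r"cmd\1"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cleanup",
     "Details": r"C:\ProgramData\cleanup\cleanup.exe"},
]


def run_key_writes(events) -> list:
    """Every Value Set event whose target is a Run or RunOnce value."""
    return [
        e for e in events
        if e.get("EventID") == 13 and RUN_KEY_RE.search(e.get("TargetObject", ""))
    ]


def suspicious_run_key_writes(events) -> list:
    """Run-key writes whose launch command lives in a user-writable location."""
    return [e for e in run_key_writes(events) if USER_WRITABLE_RE.search(e.get("Details", ""))]


def summarize(events) -> list:
    """One human-readable line per suspicious write: who wrote what, pointing where."""
    return [f'{e["Image"]} set {e["TargetObject"]} = {e["Details"]}'
            for e in suspicious_run_key_writes(events)]


if __name__ == "__main__":
    print(f"{len(run_key_writes(SYSMON_EVENTS))} Run/RunOnce writes seen")
    for line in summarize(SYSMON_EVENTS):
        print("SUSPICIOUS:", line)
```

Two design points worth keeping when adapting this to real telemetry: anchor the pattern on the value position (`Run\<name>$`) rather than on the word "Run", since RunMRU and RunServices writes are routine noise, and judge the launch path in Details rather than the writing process in Image, because a dropper typically has its dropped child write the key.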