General

Target: 24dd57b798b0f9953c5665ef6dd35bd8f87aa00f67cb8de8eb46601f1121b9b2
Size: 386KB
Sample: 241110-bz42mawglk
MD5: cce57c114f6bcd392c7fae4b05bb8b8f
SHA1: 65625ee6446c39eabffe405d7284d40d019c152e
SHA256: 24dd57b798b0f9953c5665ef6dd35bd8f87aa00f67cb8de8eb46601f1121b9b2
SHA512: 6881c8656b2b20a02001329be73cc7dcde1880c2e14324da3b8c8af9e5a0b4d18f009845a16def8f0dd24f02e91c9e4821f99afc8b0c6513b40d84723f19a7f7
SSDEEP: 6144:Koy+bnr+cp0yN90QEwAMqbmSVnSlq49gs4e5lCJyY8WvLBEyvQZOQJIkVnO:oMrAy90ZbmRqqn4euJyY8MFEUQjZo
Static task: static1
Behavioral task: behavioral1
Sample: 24dd57b798b0f9953c5665ef6dd35bd8f87aa00f67cb8de8eb46601f1121b9b2.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: fud
C2: 193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets

Target: 24dd57b798b0f9953c5665ef6dd35bd8f87aa00f67cb8de8eb46601f1121b9b2
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)