General
Target: af029a3f7cb303559b37b0642abea69dff03c53fb70c0369dc252c11136540c6
Size: 554KB
Sample: 241110-cfne7sxcnd
MD5: 204805eab63df1281628970c48c8d767
SHA1: e5ae3e415a9842bf0b2737a2adaf955cffba54c0
SHA256: af029a3f7cb303559b37b0642abea69dff03c53fb70c0369dc252c11136540c6
SHA512: 41da863a0675faf4ffb41bf3c0d6a1e506549dee556af06416624fb16b88325854fa27fae0548db5ab5e129818eb56fe8f4074707fb0c88ce646821e70530ee0
SSDEEP: 12288:gMrgy90hMnMJ1fRd/MexcRs3dWLyQcLwt4gZ12g9aM2:Qytu3gr4XgV2
Static task: static1
Behavioral task: behavioral1
Sample: af029a3f7cb303559b37b0642abea69dff03c53fb70c0369dc252c11136540c6.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
boris
193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
Target: af029a3f7cb303559b37b0642abea69dff03c53fb70c0369dc252c11136540c6
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)