General
Target: 81ceb417f7f25d885d94968131571ad537bf9685ce8a4deb724284f2cd5e1d30
Size: 766KB
Sample: 241110-cfs1pazmgj
MD5: 2dbff046d0b0ac35cf165e09c35e12e6
SHA1: 5e54b5371cc5800c0d99fde82e2a71de1d3105fd
SHA256: 81ceb417f7f25d885d94968131571ad537bf9685ce8a4deb724284f2cd5e1d30
SHA512: a37063e57601afe092dcd2938220644172e7531cd5fc6453a2bf16fa74dfdcc1ab99c14b492c3f0f41ec2e7992b24a1c1192a9f1563aef6e2900c88b3288861c
SSDEEP: 12288:mMrYy90gij1IK8paSBKiRfgIGcLC9nCaHs0eUgPozF2lmXotPZmbxOtPYjUQQR95:OyE1IK8plB7RoIGagCaM0OohaFmsQQR/
Static task: static1
Behavioral task: behavioral1
Sample: 81ceb417f7f25d885d94968131571ad537bf9685ce8a4deb724284f2cd5e1d30.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted
redline
dubna
193.233.20.11:4131
auth_value: f324b1269094b7462e56bab025f032f4
Targets
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Create or Modify System Process: Windows Service