General
-
Target
dba9fe09f8922be8cb2d10af5e7147cba1914816fc4946587e0aa13994921620
-
Size
540KB
-
Sample
241110-cmcx2swpfs
-
MD5
d72131bd8a2940d0ee116bfbda70de30
-
SHA1
5ec69148b94b80c42aca478d91c0fc59e5c7d968
-
SHA256
dba9fe09f8922be8cb2d10af5e7147cba1914816fc4946587e0aa13994921620
-
SHA512
87ed6c40cb3691d27131e319c484b7d57287fa8232b2bcfff1246081724e677b2f89aa7923a8c49bf8dd783be70c553945b7c1810458461e7f3b8b1869e4868f
-
SSDEEP
12288:0Mrby90OkH7+ieLkbFfsRbrsRHSr+n7m70WKWmlKugV2+:PyFkbM9wRHc+n7moWXz2+
Static task
static1
Behavioral task
behavioral1
Sample
dba9fe09f8922be8cb2d10af5e7147cba1914816fc4946587e0aa13994921620.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Targets
-
-
Target
dba9fe09f8922be8cb2d10af5e7147cba1914816fc4946587e0aa13994921620
-
Size
540KB
-
MD5
d72131bd8a2940d0ee116bfbda70de30
-
SHA1
5ec69148b94b80c42aca478d91c0fc59e5c7d968
-
SHA256
dba9fe09f8922be8cb2d10af5e7147cba1914816fc4946587e0aa13994921620
-
SHA512
87ed6c40cb3691d27131e319c484b7d57287fa8232b2bcfff1246081724e677b2f89aa7923a8c49bf8dd783be70c553945b7c1810458461e7f3b8b1869e4868f
-
SSDEEP
12288:0Mrby90OkH7+ieLkbFfsRbrsRHSr+n7m70WKWmlKugV2+:PyFkbM9wRHc+n7moWXz2+
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)