General
Target: 203f82ff77a5fc77eadbc88884e36d6fb9f4202028fa2d8586e800187e825a4f
Size: 478KB
Sample: 241110-cwpcfaxfnh
MD5: e2ce6ff15d513aa9cf6a4a6c2575e56e
SHA1: 43880185026f58f38a6d568875b90f90faffd6f5
SHA256: 203f82ff77a5fc77eadbc88884e36d6fb9f4202028fa2d8586e800187e825a4f
SHA512: 90d9ec361bcad28ebe7bb708a589c3645a03bd6a8efbddb2c69ac182aec31c70a273306c5efaf97d26186a5f8b9056c2bcd0fc780e602f19880b80c279eec1fd
SSDEEP: 12288:MMr7y90N0JNLwL4+rca/wfNHW/e8CU2M8MvG:Xy+Ldrtwf+CMjG
Static task: static1
Behavioral task: behavioral1
Sample: 203f82ff77a5fc77eadbc88884e36d6fb9f4202028fa2d8586e800187e825a4f.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
fusa
193.233.20.12:4132
auth_value: a08b2f01bd2af756e38c5dd60e87e697
Targets
Target: 203f82ff77a5fc77eadbc88884e36d6fb9f4202028fa2d8586e800187e825a4f
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)