General
Target: 9622fd1f4f4a741bec8c8a41c9ba369e1ba5ad6edb9818c6f80a218457ca9ae8
Size: 1.5MB
Sample: 241110-d1hk5a1qhj
MD5: 4fd1474f27f7a1c9e144538fea9847e9
SHA1: f78d06530f3b8a87a6458d92ef59194bc1391dae
SHA256: 9622fd1f4f4a741bec8c8a41c9ba369e1ba5ad6edb9818c6f80a218457ca9ae8
SHA512: b48a7431ccf2cae085e6e1d87c4a25706aeaee553c72496706dc5e5344d47f4f6857809512a61047a03905e00b38fc92d0e0e4f5fe955213aa8c00a27dd18a62
SSDEEP: 24576:87yOpNBYAsmxFSmKoIWRzVPHw5VXtrgQBH5P8ttQgFA//3p+m9f8:BOzJBf/IKzwVdECp8/jFRu
Static task: static1
Behavioral task: behavioral1
Sample: 9622fd1f4f4a741bec8c8a41c9ba369e1ba5ad6edb9818c6f80a218457ca9ae8.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
mask
217.196.96.56:4138
auth_value: 31aef25be0febb8e491794ef7f502c50
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)