General

Target: fa3bdbf382e090f4b902dd1e6c32d501af130b5574a1d15a1f8feebee96fef37
Size: 1.1MB
Sample: 241110-d7g8yasjbl
MD5: 80c9451f250affd72e058c0b0e0ecf5f
SHA1: 4685fb651b69b2fb5b661a6a496db6cf2c572df2
SHA256: fa3bdbf382e090f4b902dd1e6c32d501af130b5574a1d15a1f8feebee96fef37
SHA512: 747c93b1f8e12ee1dffa800a0bc61639ec37481b5d4e8afc4801e4984e50e4d4b841498f4ed8e91165b0c9c9f3719a5cecc718f01c9c49f39c02d99ff6306114
SSDEEP: 24576:yygdOVDEdSxUQubRFlMimYNjmaS/vT3ey:ZOOpQSxW/L5S6
Static task: static1
Behavioral task: behavioral1
Sample: fa3bdbf382e090f4b902dd1e6c32d501af130b5574a1d15a1f8feebee96fef37.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: ronam
C2: 193.233.20.17:4139
auth_value: 125421d19d14dd7fd211bc7f6d4aea6c
Targets

Target: fa3bdbf382e090f4b902dd1e6c32d501af130b5574a1d15a1f8feebee96fef37 (1.1MB; same file and hashes as listed under General)

Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020)
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
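Added example, not part of the sandbox report: a Python script that turns the indicators on this page (the three file hashes, the extracted RedLine C2 193.233.20.17:4139, and the "Adds Run key" behaviour) into a hunting check over Sysmon-style events. The log lines are constructed for illustration and flattened to key=value pairs rather than real Sysmon XML; the field names follow Sysmon's (EventID 3 network connection, EventID 13 registry value set, Hashes on EventID 1 process creation). The auth_value and SSDEEP fields are not used here.

```python
import hashlib
import re

# Indicators copied from the sandbox report on this page.
REPORT_IOCS = {
    "md5": "80c9451f250affd72e058c0b0e0ecf5f",
    "sha1": "4685fb651b69b2fb5b661a6a496db6cf2c572df2",
    "sha256": "fa3bdbf382e090f4b902dd1e6c32d501af130b5574a1d15a1f8feebee96fef37",
    "c2_ip": "193.233.20.17",
    "c2_port": "4139",
}

# Registry autostart locations behind "Adds Run key to start application" (ATT&CK T1547.001).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE
)

# Constructed Sysmon-like events (NOT real telemetry), flattened to key=value pairs:
# EventID 3 = network connection, 13 = registry value set, 1 = process create with hashes.
SAMPLE_LOG = "\n".join([
    r"EventID=3 Image=C:\Users\victim\AppData\Local\Temp\update.exe DestinationIp=193.233.20.17 DestinationPort=4139",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationIp=142.250.74.46 DestinationPort=443",
    r"EventID=13 Image=C:\Users\victim\AppData\Local\Temp\update.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update Details=C:\Users\victim\AppData\Local\Temp\update.exe",
    r"EventID=1 Image=C:\Windows\System32\notepad.exe Hashes=SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    r"EventID=1 Image=C:\Users\victim\AppData\Local\Temp\update.exe Hashes=MD5=80c9451f250affd72e058c0b0e0ecf5f,SHA256=fa3bdbf382e090f4b902dd1e6c32d501af130b5574a1d15a1f8feebee96fef37",
])

# key=value tokens; values may contain spaces (paths), so a value ends only before the next "key=".
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> dict:
    """Parse one flattened event into a dict of field -> value."""
    return dict(KV_RE.findall(line))


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists, e.g. for a file's contents."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(digests: dict) -> list:
    """Return the algorithm names whose digest matches the reported sample."""
    return [
        algo for algo in ("MD5", "SHA1", "SHA256")
        if digests.get(algo, "").lower() == REPORT_IOCS[algo.lower()]
    ]


def check_event(ev: dict) -> list:
    """Return human-readable hits for one event against the report's indicators."""
    hits = []
    if ev.get("DestinationIp") == REPORT_IOCS["c2_ip"] and ev.get("DestinationPort") == REPORT_IOCS["c2_port"]:
        hits.append("connection to RedLine C2 193.233.20.17:4139")
    if "Hashes" in ev:
        # Sysmon formats the field as "MD5=...,SHA256=...".
        digests = dict(part.split("=", 1) for part in ev["Hashes"].split(","))
        hits.extend(f"known sample hash ({algo})" for algo in is_known_sample(digests))
    if ev.get("EventID") == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        hits.append("Run key persistence (T1547.001)")
    return hits


def scan_log(text: str) -> list:
    """Scan newline-separated events; return [(line_number, hits)] for lines with hits."""
    results = []
    for n, line in enumerate(text.splitlines(), start=1):
        hits = check_event(parse_event(line))
        if hits:
            results.append((n, hits))
    return results


if __name__ == "__main__":
    for n, hits in scan_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(hits)}")
```

On the constructed log the scan flags line 1 (C2 connection), line 3 (Run key written by the dropped executable) and line 5 (both MD5 and SHA256 match the reported sample); the Firefox connection and the notepad.exe launch produce no hits. Against real data, feed `hash_bytes()` the contents of a suspect file, or replace `SAMPLE_LOG` with flattened Sysmon events exported from your SIEM; the C2 match is exact on IP and port, so a rotated RedLine server would need its own config extraction.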
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution [T1547] (1 signature): Registry Run Keys / Startup Folder [T1547.001] (1 signature)
- Create or Modify System Process [T1543] (1 signature): Windows Service [T1543.003] (1 signature)