General
Target: b1dc61c0848d576f2a7e7bc00f1f52159af3c4edd3f69d482e50469574b10afc
Size: 553KB
Sample: 241110-d7jrrssjbn
MD5: 2f63c5cab83d61ff8a9909a6af272702
SHA1: a802e6ec10d3d744578d9a3f85c5ff8bbf1329eb
SHA256: b1dc61c0848d576f2a7e7bc00f1f52159af3c4edd3f69d482e50469574b10afc
SHA512: 1df254f28a09e5a967ed8d9d6cf645e71a1c3c0597310b714565531638dc915f72924828db9cf7cc17fcd0fe8cae59eb0df361794da9c14859de57c4ae2093cc
SSDEEP: 12288:0Mr6y901PdWg6wCIckEEzyemZ0KyFfJsoF8Lw8wGtum:OywVok35VF8Lntum
Static task: static1
Behavioral task: behavioral1
Sample: b1dc61c0848d576f2a7e7bc00f1f52159af3c4edd3f69d482e50469574b10afc.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted family: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
Target: b1dc61c0848d576f2a7e7bc00f1f52159af3c4edd3f69d482e50469574b10afc (553KB; hashes as listed under General above)
Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
Create or Modify System Process: Windows Service (1)