General
Target: d8096a3304e61ed54ab9b7629f78d0c684a56aa26e5cbfd9bd61c469104cbc48
Size: 546KB
Sample: 241110-d7qkbayeqp
MD5: 008264ee4450ea4af5a5ee83633d7f83
SHA1: e1d9f17fcf237f4777e56c16504a49531d18ea92
SHA256: d8096a3304e61ed54ab9b7629f78d0c684a56aa26e5cbfd9bd61c469104cbc48
SHA512: 687676299cf715600574171d53182dbfb179bb1fa863f50a88e83d10c2d529f53384028971420d7622db0fe62ff2d17b9e2d2c074ad609e80de1d58a8afaa7c3
SSDEEP: 12288:MMr3y90u5CHK8wLstoUJ8jh0stKwLXQJYqTd9Rni:zyN5oKe6UJA7dXQ+odi
Static task: static1
Behavioral task: behavioral1
Sample: d8096a3304e61ed54ab9b7629f78d0c684a56aa26e5cbfd9bd61c469104cbc48.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
Target: d8096a3304e61ed54ab9b7629f78d0c684a56aa26e5cbfd9bd61c469104cbc48 (546KB; same hashes as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)