General
Target: 3e48a9c39f7a74e87f13b94dc6ddde5ad534f9d2988683b0e026149edd8895cb
Size: 779KB
Sample ID: 241110-d98tnsyhjd
MD5: 69d6353ae39d783a726052381460964f
SHA1: 8efa333d3fa245e11fe8ddf71b4b1c174c2594bd
SHA256: 3e48a9c39f7a74e87f13b94dc6ddde5ad534f9d2988683b0e026149edd8895cb
SHA512: 7c5533c7510a4b73ac9a18d1a26d97e85f24ab6a5fa178e40b1e59b4d52fe02539806acce2f3840a79a86497738fe7427dd98ee395247733c831b0b496553e0d
SSDEEP: 12288:OMrpy9091gtm5+HuWpodpNY9FeRZ+KPig399SDZD9s8t/IvLtkt4pcHWUmGDnwiw:nyG+OmopY9c6OiK/SxXIvLtm476zwP7
Static task: static1
Behavioral task: behavioral1
Sample: 3e48a9c39f7a74e87f13b94dc6ddde5ad534f9d2988683b0e026149edd8895cb.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: gena
C2: 193.233.20.30:4125
Attributes:
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
Target: 3e48a9c39f7a74e87f13b94dc6ddde5ad534f9d2988683b0e026149edd8895cb
Size: 779KB
MD5: 69d6353ae39d783a726052381460964f
SHA1: 8efa333d3fa245e11fe8ddf71b4b1c174c2594bd
SHA256: 3e48a9c39f7a74e87f13b94dc6ddde5ad534f9d2988683b0e026149edd8895cb
SHA512: 7c5533c7510a4b73ac9a18d1a26d97e85f24ab6a5fa178e40b1e59b4d52fe02539806acce2f3840a79a86497738fe7427dd98ee395247733c831b0b496553e0d
SSDEEP: 12288:OMrpy9091gtm5+HuWpodpNY9FeRZ+KPig399SDZD9s8t/IvLtkt4pcHWUmGDnwiw:nyG+OmopY9c6OiK/SxXIvLtm476zwP7
- Detects Healer, an antivirus-disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
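The indicators in this report (the file hashes, the extracted RedLine C2 endpoint) and the behavioural signature "Adds Run key to start application" map directly onto host and network checks. The following is an added example, not code from the report or from the sandbox that produced it: it hashes a file against the report's digests, and runs two detections over Sysmon-style events (EventID 3 network connections, EventID 13 registry value sets). The event lines are constructed for illustration and assume a flattened key=value export; the file paths in them are made up and are not names from the report.

```python
"""Added example (not part of the original report): IOC and behaviour checks
derived from the RedLine report above.  Sample events are constructed."""
import hashlib
import re

# File-hash indicators copied from the report.
IOC_HASHES = {
    "md5": "69d6353ae39d783a726052381460964f",
    "sha1": "8efa333d3fa245e11fe8ddf71b4b1c174c2594bd",
    "sha256": "3e48a9c39f7a74e87f13b94dc6ddde5ad534f9d2988683b0e026149edd8895cb",
    "sha512": "7c5533c7510a4b73ac9a18d1a26d97e85f24ab6a5fa178e40b1e59b4d52fe02539806acce2f3840a79a86497738fe7427dd98ee395247733c831b0b496553e0d",
}

# RedLine C2 extracted by the sandbox (report: 193.233.20.30:4125).
C2_HOST, C2_PORT = "193.233.20.30", "4125"

# Run / RunOnce keys under any hive (HKCU, HKLM, HKU\<SID>), case-insensitive.
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Constructed Sysmon-style events (assumption: a flattened "key=value" export).
# EventID 3 = network connection, EventID 13 = registry value set.
# Paths and the dropped-file name are made up for the example.
SAMPLE_EVENTS = [
    r"EventID=3 Image=C:\Users\victim\AppData\Local\Temp\dropper.exe "
    r"DestinationIp=193.233.20.30 DestinationPort=4125",
    r"EventID=13 Image=C:\Users\victim\AppData\Local\Temp\dropper.exe "
    r"TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update "
    r"Details=C:\Users\victim\AppData\Roaming\update.exe",
    r"EventID=3 Image=C:\Program Files\browser.exe "
    r"DestinationIp=93.184.216.34 DestinationPort=443",
    r"EventID=13 Image=C:\Windows\explorer.exe "
    r"TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden "
    r"Details=DWORD (0x00000001)",
]

# key=value pairs; a value runs until the next " key=" token, so paths with
# spaces (C:\Program Files\...) survive.
_KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """Split one flattened 'key=value key=value' line into a dict."""
    return dict(_KV.findall(line))


def hash_matches(data):
    """Return {algo: bool}: does `data` hash to the report's digest for each algo?"""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in IOC_HASHES.items()}


def detect(lines):
    """Flag connections to the extracted C2 and Run-key persistence writes."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if (ev.get("EventID") == "3"
                and ev.get("DestinationIp") == C2_HOST
                and ev.get("DestinationPort") == C2_PORT):
            findings.append(("redline_c2_connection", ev.get("Image", "")))
        elif ev.get("EventID") == "13" and RUN_KEY.search(ev.get("TargetObject", "")):
            # Details carries the value data, i.e. the autostart command line.
            findings.append(("run_key_persistence", ev.get("Image", ""),
                             ev.get("Details", "")))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding)
    # A file that is not the sample matches none of the digests.
    print(hash_matches(b"not the sample"))
```

The hash check is only useful against this exact file; the two behavioural rules are what still fire once the dropper is repacked, which is why the Run-key rule keys on the registry path rather than on any file name, and why the C2 rule should be fed from the extracted config rather than hard-coded once the address rotates.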