General

Target: 3463c603b4a76e587d4f94b87a6a5e245da1e0a34a4061a06a9246311e8dce25
Size: 764KB
Sample: 241110-dg33qaxnew
MD5: 4cb4619ac9996a3e93ca272a817e94a0
SHA1: 43fc388b268aa2995ec648f07773cb94be48a9e4
SHA256: 3463c603b4a76e587d4f94b87a6a5e245da1e0a34a4061a06a9246311e8dce25
SHA512: 2007c4d9582a17f83977dd85911e3e5725f0205876dc6e0652244b369ec07a89790dbe9c934354fa65203cbd9d9e4ca71cd85063067d12cbf01507fd04bda7c8
SSDEEP: 12288:qMrQy90CT2HOpsw+9vkbAdVvSbD2Kl5BriefX5nNfQJbVROCjWvWP2ddu9W5Zued:Kyxqupswek+SbyK5EefJNfQZ/DYWP2dR
Static task: static1
Behavioral task: behavioral1
Sample: 3463c603b4a76e587d4f94b87a6a5e245da1e0a34a4061a06a9246311e8dce25.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted config
Family: redline
Botnet: dubna
C2: 193.233.20.11:4131
auth_value: f324b1269094b7462e56bab025f032f4
Targets

Target: 3463c603b4a76e587d4f94b87a6a5e245da1e0a34a4061a06a9246311e8dce25
Size: 764KB
MD5: 4cb4619ac9996a3e93ca272a817e94a0
SHA1: 43fc388b268aa2995ec648f07773cb94be48a9e4
SHA256: 3463c603b4a76e587d4f94b87a6a5e245da1e0a34a4061a06a9246311e8dce25
SHA512: 2007c4d9582a17f83977dd85911e3e5725f0205876dc6e0652244b369ec07a89790dbe9c934354fa65203cbd9d9e4ca71cd85063067d12cbf01507fd04bda7c8
SSDEEP: 12288:qMrQy90CT2HOpsw+9vkbAdVvSbD2Kl5BriefX5nNfQJbVROCjWvWP2ddu9W5Zued:Kyxqupswek+SbyK5EefJNfQZ/DYWP2dR

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
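The hashes, the extracted RedLine C2 and the "Adds Run key to start application" behaviour are the actionable detail in this report. As an added example (not code from the report or from the sandbox vendor), the Python below turns them into three checks a responder could run over their own telemetry: a hash lookup against the listed hashes, a flow-log scan for the C2 endpoint 193.233.20.11:4131, and a registry-event scan for writes under the Run/RunOnce keys (ATT&CK T1547.001). The flow-line format and the flattened Sysmon Event ID 13 lines are assumptions made for the example, and `FLOW_LOG` / `REG_LOG` are constructed sample data, not data taken from the report.

```python
"""Added example: IOC and behaviour checks built from the report above.
Not code from the report or the sandbox; log formats are assumed."""
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "4cb4619ac9996a3e93ca272a817e94a0",                                  # MD5
    "43fc388b268aa2995ec648f07773cb94be48a9e4",                          # SHA1
    "3463c603b4a76e587d4f94b87a6a5e245da1e0a34a4061a06a9246311e8dce25",  # SHA256
}
C2_HOST, C2_PORT = "193.233.20.11", 4131  # extracted RedLine C2

# Autostart value locations covered by ATT&CK T1547.001 (Registry Run Keys).
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Hit:
    rule: str
    evidence: str


def hashes_of(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string as lowercase hex, the formats the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(hash_hex: str) -> bool:
    """True when a hash (any case, surrounding whitespace tolerated) is one of the report's hashes."""
    return hash_hex.strip().lower() in SAMPLE_HASHES


def file_is_known_sample(data: bytes) -> bool:
    """Hash the bytes of a file and check every digest against the report's hashes."""
    return any(is_known_sample(h) for h in hashes_of(data).values())


def scan_connections(lines):
    """Flag flows to the extracted C2.  Assumed (made-up) line format:
    '<timestamp> <src>:<sport> -> <dst>:<dport> <proto>'."""
    hits = []
    for line in lines:
        m = re.search(r"->\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)", line)
        if m and m.group(1) == C2_HOST and int(m.group(2)) == C2_PORT:
            hits.append(Hit("redline_c2_contact", line))
    return hits


def scan_registry_events(lines):
    """Flag Run-key value writes (the report's 'Adds Run key to start application').
    Assumes Sysmon Event ID 13 (registry value set) flattened to
    'EventID=13 Image=... TargetObject=...'."""
    hits = []
    for line in lines:
        if "EventID=13" in line and RUN_KEY_RE.search(line):
            hits.append(Hit("run_key_persistence", line))
    return hits


# Constructed sample telemetry (not from the report): one benign, one suspicious line each.
FLOW_LOG = [
    "2024-11-10T12:00:01Z 10.0.0.5:49712 -> 193.233.20.11:4131 tcp",
    "2024-11-10T12:00:02Z 10.0.0.5:49713 -> 203.0.113.10:443 tcp",
]
REG_LOG = [
    r"EventID=13 Image=C:\Users\u\AppData\Local\Temp\dropped.exe "
    r"TargetObject=HKU\S-1-5-21-1-1-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
    r"EventID=13 Image=C:\Windows\explorer.exe "
    r"TargetObject=HKU\S-1-5-21-1-1-1-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
]


def triage(flow_lines, reg_lines):
    """Run both scans and return the hits in log order."""
    return scan_connections(flow_lines) + scan_registry_events(reg_lines)


if __name__ == "__main__":
    for hit in triage(FLOW_LOG, REG_LOG):
        print(f"{hit.rule}: {hit.evidence}")
```

The C2 check matches on the exact host:port pair from the extracted config; loosen it to the host alone if the same infrastructure is seen on other ports, but treat a bare IP match as weaker evidence since RedLine C2 addresses are rotated between builds. The Run-key regex deliberately covers both HKCU and HKLM paths and the Wow6432Node view, since the report only says a Run key was added, not which hive.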