General
-
Target
fcd3b4aaf6ad8766655f0d036b0e0d22dd2a92bd5e5fa5f684fc3f41f9d10d9b
-
Size
546KB
-
Sample
241110-dg8m7syalp
-
MD5
b8eed11da39e5366d7cbb6ca8c134e7d
-
SHA1
67ede0cbfd81e4d70749289ddb58f432f516b899
-
SHA256
fcd3b4aaf6ad8766655f0d036b0e0d22dd2a92bd5e5fa5f684fc3f41f9d10d9b
-
SHA512
d259e04173f9edfbb06a5b7dc0f453c36f78b9f97192b05794a3415ccd89c864dcf182a2adf1d71abe56c13826510865d9c7e497d1d8138e81ef864ec1c3646e
-
SSDEEP
12288:WMriy90k1PQfR9ZRi9gd+JstFwLJDsPRlB2DtZ:wyIHaesJDiED3
Static task
static1
Behavioral task
behavioral1
Sample
fcd3b4aaf6ad8766655f0d036b0e0d22dd2a92bd5e5fa5f684fc3f41f9d10d9b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Targets
-
-
Target
fcd3b4aaf6ad8766655f0d036b0e0d22dd2a92bd5e5fa5f684fc3f41f9d10d9b
-
Size
546KB
-
MD5
b8eed11da39e5366d7cbb6ca8c134e7d
-
SHA1
67ede0cbfd81e4d70749289ddb58f432f516b899
-
SHA256
fcd3b4aaf6ad8766655f0d036b0e0d22dd2a92bd5e5fa5f684fc3f41f9d10d9b
-
SHA512
d259e04173f9edfbb06a5b7dc0f453c36f78b9f97192b05794a3415ccd89c864dcf182a2adf1d71abe56c13826510865d9c7e497d1d8138e81ef864ec1c3646e
-
SSDEEP
12288:WMriy90k1PQfR9ZRi9gd+JstFwLJDsPRlB2DtZ:wyIHaesJDiED3
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1