General
Target: daa8e46a6234b0bd1719e8b17a7cbeffea53bcbc5c6e97b059dde0694a65b05e
Size: 526KB
Sample: 241110-dh4ewayann
MD5: 1532cfb69c9c3b00bc9491f42fce69a6
SHA1: fa786d61b1ecf64193f9be9b63dd5d56ab26d214
SHA256: daa8e46a6234b0bd1719e8b17a7cbeffea53bcbc5c6e97b059dde0694a65b05e
SHA512: a4a505f84eff632856df8df74fbd5f3b00ac08e2fc8dd9e43eb18f62177ce2923c9375ae21b700100b5657cd04d17123fafd1544e087d98dae22121ad43d0f66
SSDEEP: 12288:xMrJy90Msw69NLOrJnekaI6nn5uFi1eyeY2uIr:kyWLOQka9n55Azu8
Static task: static1
Behavioral task: behavioral1
Sample: daa8e46a6234b0bd1719e8b17a7cbeffea53bcbc5c6e97b059dde0694a65b05e.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: daa8e46a6234b0bd1719e8b17a7cbeffea53bcbc5c6e97b059dde0694a65b05e
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)