General
-
Target
71ff94fb37fa29ab9e52dc4793d56a69a0785d4206393773e73200841a1d8909
-
Size
526KB
-
Sample
241110-dhbpvs1mek
-
MD5
089eda338928881f5189f98549a52a61
-
SHA1
be4933e2acd1fbffa1e8decb9a17f7792afb6e75
-
SHA256
71ff94fb37fa29ab9e52dc4793d56a69a0785d4206393773e73200841a1d8909
-
SHA512
9aed339ede07515c3bee21d309498b3997227a420fe935f0a9ddf82f697eca7500f04421e2b56ee13b42e97158a2e8c731bb12dfe354eed616a9b469d01abd74
-
SSDEEP
12288:uMrky90lnEXI1v/C1XdiGVtbTEBvJTPWVex3sqs:ayG1i1XlMhjGuTs
Static task
static1
Behavioral task
behavioral1
Sample
71ff94fb37fa29ab9e52dc4793d56a69a0785d4206393773e73200841a1d8909.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
-
auth_value
cddc991efd6918ad5321d80dac884b40
Targets
-
-
Target
71ff94fb37fa29ab9e52dc4793d56a69a0785d4206393773e73200841a1d8909
-
Size
526KB
-
MD5
089eda338928881f5189f98549a52a61
-
SHA1
be4933e2acd1fbffa1e8decb9a17f7792afb6e75
-
SHA256
71ff94fb37fa29ab9e52dc4793d56a69a0785d4206393773e73200841a1d8909
-
SHA512
9aed339ede07515c3bee21d309498b3997227a420fe935f0a9ddf82f697eca7500f04421e2b56ee13b42e97158a2e8c731bb12dfe354eed616a9b469d01abd74
-
SSDEEP
12288:uMrky90lnEXI1v/C1XdiGVtbTEBvJTPWVex3sqs:ayG1i1XlMhjGuTs
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1