General
-
Target
cd7ed59b3b75897df407820388558d6b4e00cfa0d2ef86cd956054edc12345e9
-
Size
480KB
-
Sample
241110-dhj18sxnfz
-
MD5
67a3bea81187f8774ec841aba03437a4
-
SHA1
1a1e33c8145999b86a85d4df11be873aab98ee3a
-
SHA256
cd7ed59b3b75897df407820388558d6b4e00cfa0d2ef86cd956054edc12345e9
-
SHA512
57223e80a46ea69e3b62eee05d46df1a5915a040bc34343e46e8c34986fb8f85d79667644b80a06f3c9d99824419e8f412c38eca84e08f3856ae38fdf2f7552f
-
SSDEEP
12288:zMrgy90B6gVZwJopiuaRNd50fVvx3U3wW0V:3yK6gZUvC5x3Ch0V
Static task
static1
Behavioral task
behavioral1
Sample
cd7ed59b3b75897df407820388558d6b4e00cfa0d2ef86cd956054edc12345e9.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mihan
217.196.96.101:4132
-
auth_value
9a6a8fdae02ed7caa0a49a6ddc6d4520
Targets
-
-
Target
cd7ed59b3b75897df407820388558d6b4e00cfa0d2ef86cd956054edc12345e9
-
Size
480KB
-
MD5
67a3bea81187f8774ec841aba03437a4
-
SHA1
1a1e33c8145999b86a85d4df11be873aab98ee3a
-
SHA256
cd7ed59b3b75897df407820388558d6b4e00cfa0d2ef86cd956054edc12345e9
-
SHA512
57223e80a46ea69e3b62eee05d46df1a5915a040bc34343e46e8c34986fb8f85d79667644b80a06f3c9d99824419e8f412c38eca84e08f3856ae38fdf2f7552f
-
SSDEEP
12288:zMrgy90B6gVZwJopiuaRNd50fVvx3U3wW0V:3yK6gZUvC5x3Ch0V
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1