General
Target: 0ca04b85c97cf6c4af0e0faa81f03693be5714ef521d7b69b8a1124e51195eff
Size: 686KB
Sample: 241110-dhvgzayamq
MD5: 437cecd5e5079e7bc53028a2e6880600
SHA1: 480e72fda4137cf6d61dfb5f494781a83ba9169d
SHA256: 0ca04b85c97cf6c4af0e0faa81f03693be5714ef521d7b69b8a1124e51195eff
SHA512: 7ef79bba87e4afcca28874d6ceb9c0530978d71b63ef0625c408892fff4a179309ff7a84104a1256d595cc461a8e789a8d1d12ea63880ce41b7fbd89c881438d
SSDEEP: 12288:DMrcy90g9yI0R2jqzKJr/Z/E7jYmIL4ZTFdZZ0k4k2KByA7I:Hy9SRDyrREvYlm+kMKDI
Static task: static1
Behavioral task: behavioral1
Sample: 0ca04b85c97cf6c4af0e0faa81f03693be5714ef521d7b69b8a1124e51195eff.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
sony
193.233.20.33:4125
auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)