General
-
Target
4cbdcf9ee41466f17671f07c04532691c9b545c7fb21e3b1e7e430f74d7e3c10
-
Size
386KB
-
Sample
241110-djah7aybrh
-
MD5
93df1d0e13a1339e27a81f23d8392b5e
-
SHA1
7fedfd66d3ce64560b523b39419a359566e5643b
-
SHA256
4cbdcf9ee41466f17671f07c04532691c9b545c7fb21e3b1e7e430f74d7e3c10
-
SHA512
902e9bea29f0833bb91cafcd0c587132ec1d36a28413c74f40ed23460d37aea7d92c65323b7ba4f0f8c560161d24072fc103f757f68fe6a080baece591f7de4c
-
SSDEEP
6144:K8y+bnr+Qp0yN90QE48CQ/i6fmdza8YDH2D52nrpyjyU7x:sMr8y90a8nJmNa8IHxnFyyU7x
Static task
static1
Behavioral task
behavioral1
Sample
4cbdcf9ee41466f17671f07c04532691c9b545c7fb21e3b1e7e430f74d7e3c10.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
-
auth_value
cddc991efd6918ad5321d80dac884b40
Targets
-
Target
4cbdcf9ee41466f17671f07c04532691c9b545c7fb21e3b1e7e430f74d7e3c10
-
Size
386KB
-
MD5
93df1d0e13a1339e27a81f23d8392b5e
-
SHA1
7fedfd66d3ce64560b523b39419a359566e5643b
-
SHA256
4cbdcf9ee41466f17671f07c04532691c9b545c7fb21e3b1e7e430f74d7e3c10
-
SHA512
902e9bea29f0833bb91cafcd0c587132ec1d36a28413c74f40ed23460d37aea7d92c65323b7ba4f0f8c560161d24072fc103f757f68fe6a080baece591f7de4c
-
SSDEEP
6144:K8y+bnr+Qp0yN90QE48CQ/i6fmdza8YDH2D52nrpyjyU7x:sMr8y90a8nJmNa8IHxnFyyU7x
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)