General
- Target: 5d13240bfaefc488f636fe7540280f9154e90aa8ef02a8a7321b9d933e333bf5
- Size: 545KB
- Sample: 241110-djl7zsxnhx
- MD5: 830171a9956ceb761837f14026972781
- SHA1: 653c459cc000fafd9a4f8b0e7a1046ccf2138f3d
- SHA256: 5d13240bfaefc488f636fe7540280f9154e90aa8ef02a8a7321b9d933e333bf5
- SHA512: 3850406f22f39fc1235092f18798300e5100f38f69946e60753cd822ea5d79149157ca5db9ae0abbfdd31ac8a78e2d70e85188198969fb195b36c7513113e352
- SSDEEP: 12288:SMr2y90vTVZrZfYGaKriG4nZv4S/dQz2TL84M:4yM1PeG4ZvVFQzH/
Static task: static1
Behavioral task: behavioral1
- Sample: 5d13240bfaefc488f636fe7540280f9154e90aa8ef02a8a7321b9d933e333bf5.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
- Target: 5d13240bfaefc488f636fe7540280f9154e90aa8ef02a8a7321b9d933e333bf5 (545KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)