General
- Target: 8549dafbc6a5063aa74244adc37e89457c57f16d44434bf696ce4bf2edb449d2
- Size: 660KB
- Sample: 241110-djtbas1mgk
- MD5: c571540e5ae9782fe044ef51f510592d
- SHA1: a361f58838452e294f5d05311e57998897d6d2b7
- SHA256: 8549dafbc6a5063aa74244adc37e89457c57f16d44434bf696ce4bf2edb449d2
- SHA512: a3d4db1294283c657f025a3c0d9b20cbd7d9b9d482c00487e417e71edc0553db873bee25ecd27fc361adb5d5c0b80e2e87a4eb01ff989f7ca9e48b71253998a9
- SSDEEP: 12288:nMrny90H2dLlsD3KxqqKkgCb9XOX8VtHABcWjRIavJ:0yU2dRsDaxRb9XOMVFWWaR
Static task: static1
Behavioral task: behavioral1
- Sample: 8549dafbc6a5063aa74244adc37e89457c57f16d44434bf696ce4bf2edb449d2.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted:
- redline
- dubik
- 193.233.20.17:4139
- auth_value: 05136deb26ad700ca57d43b1de454f46
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)