General
Target: c4f0f69d4089eabab3238122743329948a5138d215446e657e52f4b674a5f42e
Size: 526KB
Sample: 241110-dl4j2syblk
MD5: 4d5036fa034f8376eec0162501ab7d80
SHA1: 740be4d3d84056332ec90465b8d5756150041d0c
SHA256: c4f0f69d4089eabab3238122743329948a5138d215446e657e52f4b674a5f42e
SHA512: 9b32d76406fc78f25de1f5352aa697af3d8d5cde472990b55fb77e467fa9894d718697b4fdc16d7efa4a1c762a8005ddc1a955cf300fc8a2c71049d2d1bb4c2d
SSDEEP: 12288:RMrpy90G4rlh5aGTgxnGxVt/2BHSamIa6l5VS51z:gy14FKnGZUSHIaM4
Static task: static1
Behavioral task: behavioral1
Sample: c4f0f69d4089eabab3238122743329948a5138d215446e657e52f4b674a5f42e.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
fud
193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: c4f0f69d4089eabab3238122743329948a5138d215446e657e52f4b674a5f42e (size and hashes as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)