General

Target: a215fb822dc7caa11b8f9cc6e7836eb8fa02bd93e51e4e8073357218386a2b17
Size: 819KB
Sample: 241110-dmf55sxpd1
MD5: 6dcd72fe9f95f36e7eaa8d7177b2833b
SHA1: 00e76fc4cfd7c631b2f378b7af8160a9b4c30c80
SHA256: a215fb822dc7caa11b8f9cc6e7836eb8fa02bd93e51e4e8073357218386a2b17
SHA512: 897152d511ea99f41e31847110b57e252302e2e00bfe0c26f1434865c4fac70442d9edf879bfeb93dd2bc96027de8d504df7e3ead8fcf33722c02272ef4c21a8
SSDEEP: 24576:mhyPHbtCVWFtgReZ8LM+zSf4Z0A4IXnRpD:BPbQIUFLMRM0A4IX

Static task: static1
Behavioral task: behavioral1
Sample: a215fb822dc7caa11b8f9cc6e7836eb8fa02bd93e51e4e8073357218386a2b17.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets

Target: a215fb822dc7caa11b8f9cc6e7836eb8fa02bd93e51e4e8073357218386a2b17 (819KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 signature
- Create or Modify System Process (T1543): Windows Service (T1543.003), 1 signature
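The extracted RedLine config (C2 193.233.20.30:4125), the file hashes, the "Executes dropped EXE" and "Adds Run key" signatures and the two ATT&CK sub-techniques above are only useful once they are turned into a check over your own host telemetry. The following Python is an added example and is not code from the sandbox report, from Triage, or from the RedLine/Healer samples. It assumes Sysmon field names (EventID, Image, Hashes, TargetFilename, TargetObject, Details, DestinationIp, DestinationPort) and runs over constructed events embedded in the block; a real log pipeline may rename those fields.

```python
"""Sweep Sysmon-style host telemetry for the indicators in this report.

Added example: this is not code from the sandbox report, from Triage, or from
the RedLine/Healer samples. It assumes Sysmon field names and runs over
constructed events embedded below; a real log pipeline may rename the fields.
"""
import json
import re

# Indicators copied from the report: the sample's SHA256 and the extracted C2.
IOC_SHA256 = {"a215fb822dc7caa11b8f9cc6e7836eb8fa02bd93e51e4e8073357218386a2b17"}
IOC_C2 = {("193.233.20.30", 4125)}

# Registry locations behind the report's ATT&CK mapping.
RUN_KEY_RE = re.compile(                      # T1547.001 Registry Run Keys
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
SERVICE_IMAGEPATH_RE = re.compile(            # T1543.003 Windows Service
    r"\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)


def parse_hashes(field):
    """Split Sysmon's 'MD5=...,SHA256=...' Hashes field into {algo: hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def triage(events):
    """Return [(label, detail), ...] for events that hit an IOC or show one of
    the behaviours the report names (dropped EXE executed, Run key, service)."""
    findings = []
    dropped_exes = set()  # .exe paths written on this host (Sysmon Event 11)
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:  # FileCreate: remember executables written to disk
            if ev["TargetFilename"].lower().endswith(".exe"):
                dropped_exes.add(ev["TargetFilename"].lower())
        elif eid == 1:  # ProcessCreate
            image = ev["Image"]
            if parse_hashes(ev.get("Hashes", "")).get("SHA256") in IOC_SHA256:
                findings.append(("ioc.sha256", image))
            if image.lower() in dropped_exes:  # "Executes dropped EXE"
                findings.append(("executes_dropped_exe", image))
        elif eid == 3:  # NetworkConnect
            dest = (ev["DestinationIp"], int(ev["DestinationPort"]))
            if dest in IOC_C2:
                findings.append(("ioc.c2", f"{ev['Image']} -> {dest[0]}:{dest[1]}"))
        elif eid == 13:  # RegistryEvent (value set)
            target = ev["TargetObject"]
            if RUN_KEY_RE.search(target):
                findings.append(("T1547.001", f"{target} = {ev['Details']}"))
            elif SERVICE_IMAGEPATH_RE.search(target):
                findings.append(("T1543.003", f"{target} = {ev['Details']}"))
    return findings


# Constructed sample telemetry (JSON lines), not real capture data. Only the
# first process hash is taken from the report; everything else is made up.
SAMPLE_EVENTS_JSONL = r"""
{"EventID": 1, "Image": "C:\\Users\\alice\\Downloads\\invoice.exe", "Hashes": "MD5=6dcd72fe9f95f36e7eaa8d7177b2833b,SHA256=a215fb822dc7caa11b8f9cc6e7836eb8fa02bd93e51e4e8073357218386a2b17"}
{"EventID": 11, "Image": "C:\\Users\\alice\\Downloads\\invoice.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\stage2.exe"}
{"EventID": 1, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\stage2.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"EventID": 13, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\stage2.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\stage2", "Details": "C:\\Users\\alice\\AppData\\Local\\Temp\\stage2.exe"}
{"EventID": 13, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\stage2.exe", "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\UpdSvc\\ImagePath", "Details": "C:\\Users\\alice\\AppData\\Local\\Temp\\stage2.exe"}
{"EventID": 3, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\stage2.exe", "DestinationIp": "193.233.20.30", "DestinationPort": 4125}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "93.184.216.34", "DestinationPort": 443}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Dhcp\\Parameters\\Lease", "Details": "1"}
"""


def load_events(jsonl):
    """Parse JSON-lines telemetry into a list of event dicts."""
    return [json.loads(line) for line in jsonl.strip().splitlines() if line.strip()]


SAMPLE_EVENTS = load_events(SAMPLE_EVENTS_JSONL)

if __name__ == "__main__":
    for label, detail in triage(SAMPLE_EVENTS):
        print(f"{label:22} {detail}")
```

The hash and C2 matches are exact-match IOCs and will age quickly (RedLine operators rotate C2s per campaign), while the Event 11 to Event 1 correlation and the Run key / ImagePath checks are behavioural and keep working when the next sample has a different hash. On a real estate, exclude your own installers and management agents from the Run key and service checks before alerting on them.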