General
-
Target
3bafd6c44e257ee484c445659fb2c0220f2a1fe6f688852de1add84c666062df
-
Size
851KB
-
Sample
241110-dv5hpsyelf
-
MD5
78cca5f61f7a7413710da321ec578da7
-
SHA1
9f4137c1e90e14ee1a5d7847cc8f91ede6ac9b7c
-
SHA256
3bafd6c44e257ee484c445659fb2c0220f2a1fe6f688852de1add84c666062df
-
SHA512
5cc3538e3e6614dba9609262647b075b7d34f4b90b747979c41010b8f3bc542b94b99030307d39caa75d1133fd6cfe3a49fc08eaacf89ef3dde0064cfa12eeed
-
SSDEEP
12288:2Mr0y906TBE7xfjiOX/H31H/3zGNtcr29bkxjP33vDQSmWX+t+ktc+IoUAFvbTs:eydVwjiG17Qz4j/3vD96+P9BAFns
Static task
static1
Behavioral task
behavioral1
Sample
3bafd6c44e257ee484c445659fb2c0220f2a1fe6f688852de1add84c666062df.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
Family
redline
Botnet
gena
C2
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Targets
-
Target
3bafd6c44e257ee484c445659fb2c0220f2a1fe6f688852de1add84c666062df
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
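The behaviours above (a Run key write and a Windows service, plus the extracted C2) are the parts of this report a defender can turn directly into detection logic. The following is an added example, not code from the sandbox or from any report tooling: it scans constructed Sysmon-style events for the two ATT&CK techniques the report maps and for connections to the extracted C2. The only ground truth taken from the report is the C2 address 193.233.20.30:4125; the event line format (key=value pairs separated by "|", not Sysmon's real XML), the file names, the value names and the benign entries are all invented for the example.

```python
"""Added example: match constructed Sysmon-style events against the persistence
behaviours and the C2 indicator listed in the sandbox report.

Assumptions (none of the event lines, paths or value names come from the report):
- registry events carry Sysmon Event ID 13 (RegistryEvent: value set),
- network events carry Sysmon Event ID 3 (NetworkConnect),
- events are written as "key=value|key=value" lines, a constructed format.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Taken from the report's extracted RedLine config (the only real indicator here).
C2_INDICATORS = {("193.233.20.30", 4125)}

# Registry locations behind the two techniques the report maps:
# T1547.001 Registry Run Keys / Startup Folder and T1543.003 Windows Service.
RUN_KEY_RE = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\(?:Run|RunOnce)\\",
    re.IGNORECASE,
)
SERVICES_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    technique: str  # ATT&CK sub-technique ID, or "C2" for a config-derived network hit
    image: str      # process that produced the event
    detail: str     # registry target and data, or destination ip:port


def parse_event(line: str) -> Dict[str, str]:
    """Split one constructed 'key=value|key=value' line into a dict."""
    return dict(field.split("=", 1) for field in line.strip().split("|") if "=" in field)


def classify(event: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding when the event matches a report behaviour, else None."""
    eid = event.get("EventID")
    image = event.get("Image", "")
    if eid == "13":  # registry value set
        target = event.get("TargetObject", "")
        data = event.get("Details", "")
        if RUN_KEY_RE.match(target):
            return Finding("T1547.001", image, f"{target} -> {data}")
        if SERVICES_KEY_RE.match(target):
            return Finding("T1543.003", image, f"{target} -> {data}")
    elif eid == "3":  # outbound network connection
        ip = event.get("DestinationIp", "")
        port = event.get("DestinationPort", "")
        if port.isdigit() and (ip, int(port)) in C2_INDICATORS:
            return Finding("C2", image, f"{ip}:{port}")
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Classify every non-empty line and keep the hits, in input order."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        finding = classify(parse_event(line))
        if finding is not None:
            hits.append(finding)
    return hits


# Constructed sample events: a Run key write, a service ImagePath write, an
# unrelated registry write, a C2 connection and a benign HTTPS connection.
SAMPLE_EVENTS = """\
EventID=13|Image=C:\\Users\\user\\Desktop\\sample.exe|TargetObject=HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater|Details=C:\\Users\\user\\AppData\\Roaming\\updater.exe
EventID=13|Image=C:\\Windows\\System32\\services.exe|TargetObject=HKLM\\SYSTEM\\CurrentControlSet\\Services\\svchlp\\ImagePath|Details=C:\\ProgramData\\svchlp.exe
EventID=13|Image=C:\\Windows\\explorer.exe|TargetObject=HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|Details=DWORD (0x00000001)
EventID=3|Image=C:\\Users\\user\\AppData\\Roaming\\updater.exe|DestinationIp=193.233.20.30|DestinationPort=4125
EventID=3|Image=C:\\Windows\\System32\\svchost.exe|DestinationIp=13.107.4.50|DestinationPort=443
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"{hit.technique:10} {hit.image}  {hit.detail}")
```

Run as-is, the script reports three hits from the five constructed events: the Run key write (T1547.001), the service ImagePath write (T1543.003) and the connection to the extracted C2; the Explorer setting and the port 443 connection are left alone. To use it on real data, replace `SAMPLE_EVENTS` with lines produced from your Sysmon or EDR export in the same key=value shape, and extend `C2_INDICATORS` with any further addresses from your own config extraction.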