General
-
Target
7ed648045bf6c235955b4dd497682b94947057027220d6e4ad024775e3f6cd64
-
Size
703KB
-
Sample
241110-dvpr9a1pgm
-
MD5
f12f951e2ce6afcd8bbe0a2a3595ba65
-
SHA1
9d62b510551c89292407da63f02b0664c1539698
-
SHA256
7ed648045bf6c235955b4dd497682b94947057027220d6e4ad024775e3f6cd64
-
SHA512
78b0ccdd8af9012e0fc4fd212788a63096c2b270601b2bc1d04ef57b370888ab6922bb60e69842b535b5eeea3d692ac797a04c6973500020b9178a15a6841cde
-
SSDEEP
12288:QMrXy90OoFh7W/gyz5TRNWYPQJUMbSsVnvwr493A3fdyzC3pS1:Xy+hygyzQ2QltwrI3AAGc
Static task
static1
Behavioral task
behavioral1
Sample
7ed648045bf6c235955b4dd497682b94947057027220d6e4ad024775e3f6cd64.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
dubik
193.233.20.17:4139
-
auth_value
05136deb26ad700ca57d43b1de454f46
Targets
-
-
Target
7ed648045bf6c235955b4dd497682b94947057027220d6e4ad024775e3f6cd64
-
Size
703KB
-
MD5
f12f951e2ce6afcd8bbe0a2a3595ba65
-
SHA1
9d62b510551c89292407da63f02b0664c1539698
-
SHA256
7ed648045bf6c235955b4dd497682b94947057027220d6e4ad024775e3f6cd64
-
SHA512
78b0ccdd8af9012e0fc4fd212788a63096c2b270601b2bc1d04ef57b370888ab6922bb60e69842b535b5eeea3d692ac797a04c6973500020b9178a15a6841cde
-
SSDEEP
12288:QMrXy90OoFh7W/gyz5TRNWYPQJUMbSsVnvwr493A3fdyzC3pS1:Xy+hygyzQ2QltwrI3AAGc
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1