General
-
Target
c88a170fd11f8dfcab8de8da3f4e77d1fa228d022f06e3f14cd5a12e7654c24e
-
Size
541KB
-
Sample
241110-dzkzvsydmp
-
MD5
5deff8c89e2ae71c8a81cc114189135a
-
SHA1
7e2bd858aac226322fd6525bde9e5c8aee643af4
-
SHA256
c88a170fd11f8dfcab8de8da3f4e77d1fa228d022f06e3f14cd5a12e7654c24e
-
SHA512
43b6c928443199ef62ecccf75120cd3bcbc97b9db7cb6a5c397089747818f7012a753a9c8a1afd9e633a481ca8a4768c5e9f2635f77a9dfafa13cabc9d03fe9d
-
SSDEEP
12288:zMr+y90F1QTBAjaEm3wr49bQocFpkvvjvSeda8Mb+E+bXCfHGsyuoz:lyAQT+lJr4GdzEbvSUY+5LCfHvyuy
Static task
static1
Behavioral task
behavioral1
Sample
c88a170fd11f8dfcab8de8da3f4e77d1fa228d022f06e3f14cd5a12e7654c24e.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Targets
-
-
Target
c88a170fd11f8dfcab8de8da3f4e77d1fa228d022f06e3f14cd5a12e7654c24e
-
Size
541KB
-
MD5
5deff8c89e2ae71c8a81cc114189135a
-
SHA1
7e2bd858aac226322fd6525bde9e5c8aee643af4
-
SHA256
c88a170fd11f8dfcab8de8da3f4e77d1fa228d022f06e3f14cd5a12e7654c24e
-
SHA512
43b6c928443199ef62ecccf75120cd3bcbc97b9db7cb6a5c397089747818f7012a753a9c8a1afd9e633a481ca8a4768c5e9f2635f77a9dfafa13cabc9d03fe9d
-
SSDEEP
12288:zMr+y90F1QTBAjaEm3wr49bQocFpkvvjvSeda8Mb+E+bXCfHGsyuoz:lyAQT+lJr4GdzEbvSUY+5LCfHvyuy
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1