General
- Target: 0bc7bd0b77649062ed3d5cc3a4922b5001f00a4d78dc6518904f14a79ddef12e
- Size: 479KB
- Sample: 241110-ehzblaymdx
- MD5: aa717e06ed26eca1ca28087d95d6fa74
- SHA1: f28b2792132c7e93915a239da7805154269bb236
- SHA256: 0bc7bd0b77649062ed3d5cc3a4922b5001f00a4d78dc6518904f14a79ddef12e
- SHA512: 0ea957d7a28d23af8b0c13db10f76c2f057bb383020eb39d66a2f77d02f896c4feee7d5f1ffb70f5a91fe17fc365ea05f1ad27da698b00f691cbd629219f1dd0
- SSDEEP: 6144:KGy+bnr+np0yN90QE50qezeWE1lzN5DsB7LLayheQ+2/w7OKTxRDur0ZHX22OLo5:qMrfy903ygz4B7HHeRqw7nPDuam2Oiv
Static task: static1
Behavioral task: behavioral1
- Sample: 0bc7bd0b77649062ed3d5cc3a4922b5001f00a4d78dc6518904f14a79ddef12e.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
- mufos
- 217.196.96.102:4132
- auth_value: 136f202e6569ad5815c34377858a255c
Targets
- Target: 0bc7bd0b77649062ed3d5cc3a4922b5001f00a4d78dc6518904f14a79ddef12e
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)