General
Target: 95b721d693a6131e43b2e49a5542439638de8c33223976725ef8dbeda44372b5
Size: 550KB
Sample: 241110-ek5ldsyhlm
MD5: b7985d9ab37d3a6b1eceb59d90a23c74
SHA1: c65e5d71875b68a4cfea04d6246118bbf594117c
SHA256: 95b721d693a6131e43b2e49a5542439638de8c33223976725ef8dbeda44372b5
SHA512: 188895390fa9f0003f98ca757dae8739665e787739ffadbef8cb9bdbe6c29aee0e35f02016f7249a28f39e12690a4c76e9b21707367dc5337d2d4c6f612428c2
SSDEEP: 12288:lMrMy90nO2ut2Km5QS+4lL8esUHZu7zXeEmRc+ySCMNnnvkfOguA:hy12ulYw4lges4u7zXxmRcFSCMNnvkfZ
Static task: static1
Behavioral task: behavioral1
Sample: 95b721d693a6131e43b2e49a5542439638de8c33223976725ef8dbeda44372b5.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Targets
Target: 95b721d693a6131e43b2e49a5542439638de8c33223976725ef8dbeda44372b5
Size: 550KB
MD5: b7985d9ab37d3a6b1eceb59d90a23c74
SHA1: c65e5d71875b68a4cfea04d6246118bbf594117c
SHA256: 95b721d693a6131e43b2e49a5542439638de8c33223976725ef8dbeda44372b5
SHA512: 188895390fa9f0003f98ca757dae8739665e787739ffadbef8cb9bdbe6c29aee0e35f02016f7249a28f39e12690a4c76e9b21707367dc5337d2d4c6f612428c2
SSDEEP: 12288:lMrMy90nO2ut2Km5QS+4lL8esUHZu7zXeEmRc+ySCMNnnvkfOguA:hy12ulYw4lges4u7zXxmRcFSCMNnvkfZ
Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)