General
Target: ad7802ea485541906814858a5f2a46fcfba4ac498d184dfa3def0b627ec64108
Size: 408KB
Sample: 241110-ekc65szbjg
MD5: 724b48462973903d6a31b2a9cf3f8d18
SHA1: 4327272bd54a5f7fabd6f642518ea708113d085d
SHA256: ad7802ea485541906814858a5f2a46fcfba4ac498d184dfa3def0b627ec64108
SHA512: e9a2aa691367e5091dfd86855b7bede3d68475c78c4f0a7dba1c4fb9b8e61a0a7d7d9f73af261155b0f9af3677a9ebf380f9f44f52b66418ed47368042edd7d9
SSDEEP: 6144:KOy+bnr+Bp0yN90QE/Ze9PvWsoQO9Q6qtP1JWYmzBbmayjxqpTsF1q:qMr9y90ZEY2tnfmzBb61qpIF1q
Static task: static1
Behavioral task: behavioral1
Sample: ad7802ea485541906814858a5f2a46fcfba4ac498d184dfa3def0b627ec64108.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: ad7802ea485541906814858a5f2a46fcfba4ac498d184dfa3def0b627ec64108
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)