General
Target: f9d947dd3c7a438e806dcfe9d082cb3f7c093f24c2adb6d181ec816b1f07f61d
Size: 530KB
Sample: 241110-eknmwaymfv
MD5: 2318fcb0275353f53365740765b41ddb
SHA1: fea0319a5a932297e8b47a4d985a7c648af01373
SHA256: f9d947dd3c7a438e806dcfe9d082cb3f7c093f24c2adb6d181ec816b1f07f61d
SHA512: 625fe79fe59258f8ca3ff28e9e5ba08a2ac09a7ca312d92f5d0ea1881c8be00eb91fc277cb1866d60a1770125b2d3c02472c08ed80e01c2937c73421c4da2d3f
SSDEEP: 12288:BMrry90bqb+skYHUaJ7m2T+SWsSDom4FURew5J5bvmwToQY7O:OyWqbfFUg7yS1ComOszddT3/
Static task: static1
Behavioral task: behavioral1
Sample: f9d947dd3c7a438e806dcfe9d082cb3f7c093f24c2adb6d181ec816b1f07f61d.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: fud
C2: 193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: f9d947dd3c7a438e806dcfe9d082cb3f7c093f24c2adb6d181ec816b1f07f61d
Size: 530KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547) > Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543) > Windows Service (T1543.003): 1
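The hashes and the extracted C2 above are the indicators an analyst actually pivots on. The following triage helper is an added example, not part of the sandbox output or the vendor's tooling: it carries the report's four file digests and the RedLine C2 endpoint as constants, digests a file with the same four algorithms so a hit on any one of them can be compared, and scans connection-log lines for the C2. The key=value log format, the `hash_file` and `scan_conn_log` helper names, and the three log lines are constructed for the example; only the hash values and 193.233.20.27:4123 come from the report.

```python
"""Triage helper built from the IOCs in this report (added example)."""
import hashlib
import re

# Indicators copied from the report above. Everything else in this block
# (log format, sample lines, helper names) is constructed for illustration.
SAMPLE_HASHES = {
    "md5": "2318fcb0275353f53365740765b41ddb",
    "sha1": "fea0319a5a932297e8b47a4d985a7c648af01373",
    "sha256": "f9d947dd3c7a438e806dcfe9d082cb3f7c093f24c2adb6d181ec816b1f07f61d",
    "sha512": "625fe79fe59258f8ca3ff28e9e5ba08a2ac09a7ca312d92f5d0ea1881c8be00eb"
              "91fc277cb1866d60a1770125b2d3c02472c08ed80e01c2937c73421c4da2d3f",
}
C2_ENDPOINTS = {("193.233.20.27", 4123)}   # extracted RedLine C2 (ip, port)
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}


def hash_bytes(data: bytes) -> dict:
    """Digest `data` with the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same four digests for a file on disk, streamed so large files are not read whole."""
    hashers = {alg: hashlib.new(alg) for alg in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_hashes(digests: dict, known: dict = SAMPLE_HASHES) -> list:
    """Algorithms whose digest equals the report's value (hex compared case-insensitively).

    A match on any single algorithm is a positive: all four values are digests
    of the same file, so a feed that only carries SHA1 or MD5 still identifies it.
    """
    return sorted(alg for alg, h in digests.items()
                  if alg in known and h.lower() == known[alg].lower())


# Constructed connection-log lines in a simple key=value firewall format.
# Line 1 is an exact C2 hit; line 3 shares the C2 IP but uses another port.
SAMPLE_CONN_LOG = """\
2024-11-10T12:00:01Z src=10.0.0.5:51234 dst=193.233.20.27:4123 proto=tcp action=allow
2024-11-10T12:00:02Z src=10.0.0.5:51235 dst=93.184.216.34:443 proto=tcp action=allow
2024-11-10T12:00:03Z src=10.0.0.7:49822 dst=193.233.20.27:443 proto=tcp action=allow
"""

_DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\b")


def scan_conn_log(text: str) -> list:
    """Return (line_number, confidence, ip, port) for lines that touch the C2.

    'high'   = exact ip:port from the extracted config.
    'medium' = same IP on another port; worth a look because operators rotate
               ports and often host more than one panel on the same box.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _DST_RE.search(line)
        if not m:
            continue
        ip, port = m.group("ip"), int(m.group("port"))
        if (ip, port) in C2_ENDPOINTS:
            hits.append((lineno, "high", ip, port))
        elif ip in C2_IPS:
            hits.append((lineno, "medium", ip, port))
    return hits


if __name__ == "__main__":
    # A constructed byte string, not the sample, so no hash matches: []
    print(match_hashes(hash_bytes(b"constructed, not the sample")))
    for hit in scan_conn_log(SAMPLE_CONN_LOG):
        print(hit)
```

To check a suspect file on disk, call `match_hashes(hash_file(path))`; an empty list means none of the four digests matched, which rules out this exact build but not a repacked RedLine loader with the same config. The network check is deliberately IP-aware rather than only ip:port-exact for that reason.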