General
Target: aa21e3a7bcb0682e9a0ac499ac7bc14f5f5c6efb9d20f8d7565b2994acd47e07
Size: 479KB
Sample: 241110-g26wws1enl
MD5: 3d014232b3745d351c387b6e5ae04096
SHA1: 64683c6c2715783d067f50b0c3fd1d97d243224a
SHA256: aa21e3a7bcb0682e9a0ac499ac7bc14f5f5c6efb9d20f8d7565b2994acd47e07
SHA512: 7aa89840f634cd54e91d618d86db30b30a1b0891ad3cffcaae86cbba92e4dd705a4562aaadc7362248f01464762b52b44a5aa5539038967995dcb1b7d444b01b
SSDEEP: 12288:VMrdy90E5whS/hiZUyi/LwJSCykLF8fTQU:oyH7/hyKWtVLFUt
Static task: static1
Behavioral task: behavioral1
Sample: aa21e3a7bcb0682e9a0ac499ac7bc14f5f5c6efb9d20f8d7565b2994acd47e07.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
dumud
217.196.96.101:4132
auth_value: 3e18d4b90418aa3e78d8822e87c62f5c
Targets
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)