General
Target: 60c343482f2c3e20fd4a771bcd3970d4ca3d31d2461a17046954a0d0cbf441c1
Size: 752KB
Sample: 241110-l525bsxqap
MD5: 2dde023a89d3096f091776633e1c9885
SHA1: ead0cc6a9791113c252d552de6bb2400d5fed326
SHA256: 60c343482f2c3e20fd4a771bcd3970d4ca3d31d2461a17046954a0d0cbf441c1
SHA512: b131f99c93b5fe7344027f6ac2c3171764706075867226bcd90a537a91904746b0212218b6edc4f8ab63a5804f72500ab53062a8e4ef2d3a8794fcfea0b8d860
SSDEEP: 12288:TMrXy90AIwz2wBm4NzYJgpZxJrugwEolhI+t1HJju3A446p5hvJWQ7HR9IQyKnBM:8yNB2wFYJcPZwE9+tZJjBk5hv133Ut
Static task: static1
Behavioral task: behavioral1
Sample: 60c343482f2c3e20fd4a771bcd3970d4ca3d31d2461a17046954a0d0cbf441c1.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: mars
C2: 83.97.73.127:19045
auth_value: 91bd3682cfb50cdc64b6009eb977b766
Targets
Target: 60c343482f2c3e20fd4a771bcd3970d4ca3d31d2461a17046954a0d0cbf441c1
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)