General
-
Target
ccf30668a05f9b4d0e7b3e631d4f9309aa6598bc78d498082e0da6f247bfc12e
-
Size
730KB
-
Sample
241110-ql79fswrg1
-
MD5
0fe82dd00de9ef0937e4b8db6d214d01
-
SHA1
e48f533b0cad228aa829e5c91f46edc23d5ca325
-
SHA256
ccf30668a05f9b4d0e7b3e631d4f9309aa6598bc78d498082e0da6f247bfc12e
-
SHA512
371dc55c4ef4f412791c417a223f5c3e7fad171e4516db9cc625cb2849bfcd274481327e18886a2762bc89b67bc1a17b5def6e4eb231d01232826bc4a7546f3b
-
SSDEEP
12288:kMrfy90RMwDLqE6vlj3YF1k/el7fNnsxO6ZF9SRgZbfN8wX8s7AHGtE:7y8Mo2lj3Uk/eBfNsx/3HdNH8s7AmG
Static task
static1
Behavioral task
behavioral1
Sample
ccf30668a05f9b4d0e7b3e631d4f9309aa6598bc78d498082e0da6f247bfc12e.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
dars
83.97.73.127:19045
-
auth_value
7cd208e6b6c927262304d5d4d88647fd
Targets
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)