General
- Target: 6f71ec82ecc4821aa95c65b0e3217b30be53978a6d004d9f876ba353733404b4
- Size: 730KB
- Sample: 241110-tclwmszgke
- MD5: 1f1c6b538393215b3d777c1d6446ae3a
- SHA1: 531cbc05927b83781c954520bc510bdb81f688a0
- SHA256: 6f71ec82ecc4821aa95c65b0e3217b30be53978a6d004d9f876ba353733404b4
- SHA512: 3edeafb2db8c7e4b7e4a44504d1339b12a204c83d9d306fc858ef77bbb8461322a953f34bc96026f55a7a786e2a9db283b933a79707f247bc8c7c0a5f7b373a8
- SSDEEP: 12288:rMray90FS5SFLMa9gJvvV1P3bNdxtv0CmU+l2+Re8j4d+T3PQZkhi:lyKS8FLMNP3bZtlCReuukhi
Static task: static1
Behavioral task: behavioral1
- Sample: 6f71ec82ecc4821aa95c65b0e3217b30be53978a6d004d9f876ba353733404b4.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: dars
- C2: 83.97.73.127:19045
- Attributes: auth_value = 7cd208e6b6c927262304d5d4d88647fd
Targets
- Target: 6f71ec82ecc4821aa95c65b0e3217b30be53978a6d004d9f876ba353733404b4 (730KB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)