General
-
Target
471eeb89dc9781b88b4925b9a1bd9b4672bff344f0f10b4d0ac6fcbd47b41f90
-
Size
478KB
-
Sample
241110-wv2e6avphl
-
MD5
19bb79d9f5ee3ce03853db4bca2ae407
-
SHA1
23f6cbddc1d03ed56cdc97ba97a987b85cf366e5
-
SHA256
471eeb89dc9781b88b4925b9a1bd9b4672bff344f0f10b4d0ac6fcbd47b41f90
-
SHA512
ed6a255b729b07e03746055be82f4917e2f0ef31aed9f08a20423fd53a6aca18b0136ad7ba177da244fd33e8e916e729730794f10cd1c0586a820c4ce22a50a8
-
SSDEEP
6144:Kjy+bnr+kp0yN90QEl+zFGswVHpbzUQ9e/PhWWYOUvT8nbkvSyT+AFHJBU1qVMAi:xMrAy90L+1wV6Q94Wlv4TyXHLc
Static task
static1
Behavioral task
behavioral1
Sample
471eeb89dc9781b88b4925b9a1bd9b4672bff344f0f10b4d0ac6fcbd47b41f90.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
fusa
193.233.20.12:4132
-
auth_value
a08b2f01bd2af756e38c5dd60e87e697
Targets
-
-
Target
471eeb89dc9781b88b4925b9a1bd9b4672bff344f0f10b4d0ac6fcbd47b41f90
-
Size
478KB
-
MD5
19bb79d9f5ee3ce03853db4bca2ae407
-
SHA1
23f6cbddc1d03ed56cdc97ba97a987b85cf366e5
-
SHA256
471eeb89dc9781b88b4925b9a1bd9b4672bff344f0f10b4d0ac6fcbd47b41f90
-
SHA512
ed6a255b729b07e03746055be82f4917e2f0ef31aed9f08a20423fd53a6aca18b0136ad7ba177da244fd33e8e916e729730794f10cd1c0586a820c4ce22a50a8
-
SSDEEP
6144:Kjy+bnr+kp0yN90QEl+zFGswVHpbzUQ9e/PhWWYOUvT8nbkvSyT+AFHJBU1qVMAi:xMrAy90L+1wV6Q94Wlv4TyXHLc
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1