General
Target: bf393436fb5c1d780be0c03ce0adda63efee1d0b61cb78c3210203d8478353f6
Size: 1.1MB
Sample: 241110-yrl76sthqg
MD5: 710a0e0fed59f7bc2bf9f0de7126b1df
SHA1: 9374b15840d99614268f92322fc7f82315530747
SHA256: bf393436fb5c1d780be0c03ce0adda63efee1d0b61cb78c3210203d8478353f6
SHA512: 31ea019ab9c7a225a952f88beb2fdbc634996f6705558472cc1a68662ec7e82db570ce0b3521b56a53887f32ed2610e9d40077ea7d9588ebe83660aa4eb002e1
SSDEEP: 24576:nE2pPh6v8O74D3kgO6TDE1HWe88CIgLM7jRs0zJD94ht92OKs:EaPkwznTQ1H98ogsKa94jGs
Static task: static1
Behavioral task: behavioral1
Sample: ad4a3dec1d4b2bbf197a23d9ccdc33fc911b71729362d5a437005e6b318ecf4a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
rodik
193.233.20.23:4124
auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d
Targets
Target: ad4a3dec1d4b2bbf197a23d9ccdc33fc911b71729362d5a437005e6b318ecf4a.exe
Size: 1.1MB
MD5: 73a7695064f956af574b49802de54b2f
SHA1: 79521dbeea68fcc84a81a95e14d58e7446574be7
SHA256: ad4a3dec1d4b2bbf197a23d9ccdc33fc911b71729362d5a437005e6b318ecf4a
SHA512: 7278d24f1a66c4fa40f325738e105c0f50a7a31a71bd44f89553c916f97a0057229b5c573c03351540f35db1befb58c18c979d4a24b9f827bcfcea25dc33fab8
SSDEEP: 24576:cy2KjwWQeHidEEBwHxHP3zjnrenjEL7Ea19kgnee2mpWKIQjyYv:L2GwW/Ci8whPjjwEvECW5fmpJIQ
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1