General
Target: 4744f39513beaf0bf16db57b0dc671de40bcf8f93579b40718618daecadf4bdd
Size: 477KB
Sample: 241110-z476vaward
MD5: 90abeea85fcfb6fa909c8665cce0fe36
SHA1: 2c2380404684912ae59cc75a0dcaf4d05cfadfc7
SHA256: 4744f39513beaf0bf16db57b0dc671de40bcf8f93579b40718618daecadf4bdd
SHA512: 11648e9f785ee988b35a2afbd07c90c468179c71031ddc464288adaf9c0dc5378e9a6e71500700415ae35cefb5cc9755d490d7f85c33b3c7d005c0dfc0830f88
SSDEEP: 12288:GMrZy90jkPVjt/JAUUJ3NjnAP+ZuGrDn6uf2:LyvVx/C3FIGrB2
Static task: static1
Behavioral task: behavioral1
Sample: 4744f39513beaf0bf16db57b0dc671de40bcf8f93579b40718618daecadf4bdd.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: fusa
C2: 193.233.20.12:4132
auth_value: a08b2f01bd2af756e38c5dd60e87e697
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)