General
Target: 654f1da92734f3732f9897a476434b049db61d63491b75247cf3d856c480815f
Size: 526KB
Sample: 241111-b5v1xaypev
MD5: aa51d5a5a7d824a91252cb7013be08db
SHA1: bec03cc27bdf35ac397f57c4ab392c0949eb5582
SHA256: 654f1da92734f3732f9897a476434b049db61d63491b75247cf3d856c480815f
SHA512: 6bb12451cd5ec37510ced848decc01742ee2cc9a158cd4c9f802a4c787901796a4cf7767e2b924298f6a50a841643b9bc3fdd39103c89f468725ecac9b8e1cec
SSDEEP: 12288:FMrUy901N56gGISAMiubD7EAF1PZ44bjsgQXCOKwW:1yi5QAED9PvQin
Static task: static1
Behavioral task: behavioral1
Sample: 654f1da92734f3732f9897a476434b049db61d63491b75247cf3d856c480815f.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
fud
193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: 654f1da92734f3732f9897a476434b049db61d63491b75247cf3d856c480815f
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)