General
Target: fda75ccf39376767255d2ebdf62bde9d5ec283a0f1ce9b9f3d642c706682c2fd
Size: 481KB
Sample: 241111-cf7tvazhlf
MD5: 27fa3487181a83f3d50518512e8e6cb9
SHA1: 56833aa68a5e1249ef0d488fdc94df2fb644bf69
SHA256: fda75ccf39376767255d2ebdf62bde9d5ec283a0f1ce9b9f3d642c706682c2fd
SHA512: 68aaa56756c5179729c8042d5d498ca61e146309d65300b361295ae0b23c60b116a769cc12efa308ceff7e5752d7d92aa00bbbcd5a36ef4f2d037c285a2d5580
SSDEEP: 12288:IMrBy90W3gE8zi8peNb7vggs9Keefm0UWauB:ZyFC2YefmrWauB
Static task: static1
Behavioral task: behavioral1
Sample: fda75ccf39376767255d2ebdf62bde9d5ec283a0f1ce9b9f3d642c706682c2fd.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
mofun
217.196.96.101:4132
auth_value: da5d4987d25c2de43d34fcc99b29fff3
Targets
Target: fda75ccf39376767255d2ebdf62bde9d5ec283a0f1ce9b9f3d642c706682c2fd (481KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
Detects Healer, an antivirus disabler dropper
Healer family
RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)