General

Target: b329f0fda98d1ce2fd4748e699fb0d347272f41bd002a84ddb57a83f4e5c5b84
Size: 569KB
Sample: 241111-mv59nsybpm
MD5: 7a472d1ea9d536bac06814998872ac79
SHA1: f3742bb745286ea0edd757e078c59ffe2be16384
SHA256: b329f0fda98d1ce2fd4748e699fb0d347272f41bd002a84ddb57a83f4e5c5b84
SHA512: 78615c778a644f6c5989d748753dc75b6c0e96eaff0c2c8753090fea5f31c73622aceffed0b07bbcb83354d73460c4461c065724c5e0bdd7de6c6f54839a8373
SSDEEP: 12288:1Mr8y90mahimz7AuxqVufv2t1GWFb2jSrIhc8V5b:ZyHsVAuxYufvcbgjS8e83

Static task: static1
Behavioral task: behavioral1
Sample: b329f0fda98d1ce2fd4748e699fb0d347272f41bd002a84ddb57a83f4e5c5b84.exe
Resource: win10v2004-20241007-en

Malware Config

Extracted
Family: redline
Botnet: fud
C2: 193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets

Target: b329f0fda98d1ce2fd4748e699fb0d347272f41bd002a84ddb57a83f4e5c5b84
Size: 569KB
MD5: 7a472d1ea9d536bac06814998872ac79
SHA1: f3742bb745286ea0edd757e078c59ffe2be16384
SHA256: b329f0fda98d1ce2fd4748e699fb0d347272f41bd002a84ddb57a83f4e5c5b84
SHA512: 78615c778a644f6c5989d748753dc75b6c0e96eaff0c2c8753090fea5f31c73622aceffed0b07bbcb83354d73460c4461c065724c5e0bdd7de6c6f54839a8373
SSDEEP: 12288:1Mr8y90mahimz7AuxqVufv2t1GWFb2jSrIhc8V5b:ZyHsVAuxYufvcbgjS8e83

Signatures
Detects Healer, an antivirus disabler dropper
Healer family
RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)