General
- Target: 98e202cef9f0b0d90af28054ac9392aa7ec52c95faa56a012ced9274d9350d5cN.exe
- Size: 1.4MB
- Sample: 241112-x7nv9sykfw
- MD5: bcfc356fc3daeb84c6d9c5cad63409f1
- SHA1: 25a708649803134082ae34bc92c236f04b8344e0
- SHA256: d94c996218e981a9fc47662f0b1521d8d19d58ec43025c8ddc63d011e0a8a23e
- SHA512: 6f50b06f1abdf30d679e739fe478d34b205c6d9f1593058e7128b65e4ea9c52c213dd3aadcc456ed03011e5f88395be52772e632ba8b053067fd84c4429b092f
- SSDEEP: 24576:SyzCJTJMz82c5RNX5WoRHnkuhUDF9+fL4Z+rF7S5GjsH:5QJGNc9BkdFUmeF7SEE
Static task: static1
Behavioral task: behavioral1
- Sample: 98e202cef9f0b0d90af28054ac9392aa7ec52c95faa56a012ced9274d9350d5cN.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: max
- C2: 185.161.248.73:4164
- auth_value: efb1499709a5d08ed1ddf71cff71211f
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)