General

Target: 05a4fc9712e93d0f08080393906288a69f93f906fa0106c78106bd101d675090
Size: 546KB
Sample: 241112-xzmm8szakq
MD5: 7d4376d62dfefa89a2a1946ae82ada56
SHA1: ab80a3ea1b39cb95617322e73daaff7148ff1e00
SHA256: 05a4fc9712e93d0f08080393906288a69f93f906fa0106c78106bd101d675090
SHA512: 357956ab6ffb55b4d1dae2fc1e29cc272b5a9cd75373476e86d6abee65eb7e0f0c923778a18a1a689bd42ea84035d978e372b516f093e9617944a4541f2097f1
SSDEEP: 12288:uMr8y90mZyb71Wcg7dsthwLzef0ZoBH05j:uyjZEWcE64O0ZoBHKj
Static task: static1
Behavioral task: behavioral1
Sample: 05a4fc9712e93d0f08080393906288a69f93f906fa0106c78106bd101d675090.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
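As an added example (not part of the sandbox report), the script below turns the indicators on this page into something an analyst can run: the three file hashes from the General section and the extracted RedLine C2 address above. It hashes a file in one pass and compares it to the report, and it scans connection-log lines for traffic to the C2 ip:port. The log format, the sample log lines and all function names are assumptions made for illustration; the only facts taken from the report are the hash values and the C2 pair.

```python
import hashlib
import re

# Indicators copied from the sandbox report above (the only report facts used here).
REPORT_HASHES = {
    "md5": "7d4376d62dfefa89a2a1946ae82ada56",
    "sha1": "ab80a3ea1b39cb95617322e73daaff7148ff1e00",
    "sha256": "05a4fc9712e93d0f08080393906288a69f93f906fa0106c78106bd101d675090",
}
# RedLine C2 from the report's extracted Malware Config.
REDLINE_C2 = ("193.233.20.31", 4125)


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a buffer."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all three hash functions in a single pass."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report_sample(digests: dict) -> bool:
    """True if any computed digest equals the report's value for that algorithm."""
    return any(digests.get(name, "").lower() == value
               for name, value in REPORT_HASHES.items())


# Constructed connection log (not from the report). Assumed line format:
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
SAMPLE_CONN_LOG = """\
2024-11-12T10:02:11Z 10.0.0.17:51234 -> 142.250.74.78:443 tcp
2024-11-12T10:02:14Z 10.0.0.17:51240 -> 193.233.20.31:4125 tcp
2024-11-12T10:02:15Z 10.0.0.23:49988 -> 193.233.20.31:80 tcp
2024-11-12T10:02:19Z 10.0.0.17:51241 -> 193.233.20.31:4125 tcp
"""

CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def c2_hits(log_text: str, c2=REDLINE_C2) -> list:
    """Return (timestamp, source_ip) for every line whose destination is the C2 ip:port.

    A different port on the same host (third sample line) is deliberately not
    matched: the report gives exactly one ip:port pair, and widening the match to
    the whole host is an analyst decision, not something the report supports.
    """
    ip, port = c2
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m:
            continue  # lines that do not fit the assumed format are skipped, not guessed at
        if m["dst"] == ip and int(m["dport"]) == port:
            hits.append((m["ts"], m["src"]))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        verdict = "MATCH" if matches_report_sample(hash_file(path)) else "no match"
        print(f"{path}: {verdict}")
    for ts, src in c2_hits(SAMPLE_CONN_LOG):
        print(f"C2 contact at {ts} from {src}")
```

Pass file paths on the command line to check them against the report's hashes; the constructed log is scanned regardless and yields the two `10.0.0.17` connections to port 4125. A hash match is exact-file identification only; a repacked RedLine build will not match, which is what the SSDEEP value in the report exists for.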
Targets

Target: 05a4fc9712e93d0f08080393906288a69f93f906fa0106c78106bd101d675090
Size: 546KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: as listed under General above
Signatures

- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1