General
-
Target
1c76e2062236bac7537f2b9b4544e79a10b4d6ef3739da4e237406fd5104f85c
-
Size
570KB
-
Sample
241112-yx7q3atlam
-
MD5
50e4b16a1e346595ca01d9a6fcecac7c
-
SHA1
602b5caaab64c5e25d545cb10a243d258b9028bb
-
SHA256
1c76e2062236bac7537f2b9b4544e79a10b4d6ef3739da4e237406fd5104f85c
-
SHA512
dd7f3d46f8c0156b5d856a5478dda42852a713ce862367b4c80ec042c871e818699ff3edda58f669c4a9bf174042a628e85577c5b7c58c995c3ad2ac666209e0
-
SSDEEP
12288:7Mrxy90dahimz7AuxqV2KnxfUEQBOMel19QdS2QPeY1:myEsVAuxYfnq7UMgsdSzPt
Static task
static1
Behavioral task
behavioral1
Sample
1c76e2062236bac7537f2b9b4544e79a10b4d6ef3739da4e237406fd5104f85c.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
-
auth_value
cddc991efd6918ad5321d80dac884b40
Targets
-
-
Target
1c76e2062236bac7537f2b9b4544e79a10b4d6ef3739da4e237406fd5104f85c
-
Size
570KB
-
MD5
50e4b16a1e346595ca01d9a6fcecac7c
-
SHA1
602b5caaab64c5e25d545cb10a243d258b9028bb
-
SHA256
1c76e2062236bac7537f2b9b4544e79a10b4d6ef3739da4e237406fd5104f85c
-
SHA512
dd7f3d46f8c0156b5d856a5478dda42852a713ce862367b4c80ec042c871e818699ff3edda58f669c4a9bf174042a628e85577c5b7c58c995c3ad2ac666209e0
-
SSDEEP
12288:7Mrxy90dahimz7AuxqV2KnxfUEQBOMel19QdS2QPeY1:myEsVAuxYfnq7UMgsdSzPt
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1