General

Target: 8f5aacba4697188eaf8541728f2b5d795769963059df62a65f5aece82d0395deN.exe
Size: 555KB
Sample: 241113-pa4lfs1gnd
MD5: 38c98fe2dd8941f16f338c5ad4a393b0
SHA1: eaef9f30e09cef4a863a1073c6ea58457e3810e8
SHA256: 8f5aacba4697188eaf8541728f2b5d795769963059df62a65f5aece82d0395de
SHA512: 402970ff120fbe49eb5ad35af7fcd27a834f68f548b45d5994edd08b4ecf9906894913482091c67aea8079a9a4b59dcbf08448471f8de78ede3770d980c48e8b
SSDEEP: 12288:1MrCy902v5AkHhG7fo5KHT+5847Mic61JKsJmIGoyJQ2hitZTvWhm:7ybHMmKzRic6bSIGj+GMbWhm
Static task: static1
Behavioral task: behavioral1
Sample: 8f5aacba4697188eaf8541728f2b5d795769963059df62a65f5aece82d0395deN.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: dubik
C2: 193.233.20.17:4139
auth_value: 05136deb26ad700ca57d43b1de454f46
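To make the extracted configuration and the listed hashes actionable, here is an added Python example (not part of the sandbox report or of its tooling). It checks a local file against the four hashes above, turns the C2 string into a Suricata rule, and hunts a connection log for traffic to 193.233.20.17:4139. The hashes, C2 endpoint, botnet name and auth_value are copied from the report; the log lines, the log format, the rule text and the SID are constructed assumptions for the demonstration.

```python
"""Turn the sandbox report's indicators into runnable checks.

Added example, not part of the sandbox report or of any Triage tooling. The
hashes, C2 endpoint, botnet name and auth_value are copied from the report;
the connection log lines are constructed for the demonstration, and the
Suricata rule text and SID are assumptions.
"""
import hashlib
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report's General and Malware Config sections.
REPORT_HASHES: Dict[str, str] = {
    "md5": "38c98fe2dd8941f16f338c5ad4a393b0",
    "sha1": "eaef9f30e09cef4a863a1073c6ea58457e3810e8",
    "sha256": "8f5aacba4697188eaf8541728f2b5d795769963059df62a65f5aece82d0395de",
    "sha512": ("402970ff120fbe49eb5ad35af7fcd27a834f68f548b45d5994edd08b4ecf9906"
               "894913482091c67aea8079a9a4b59dcbf08448471f8de78ede3770d980c48e8b"),
}
REDLINE_CONFIG: Dict[str, str] = {
    "family": "redline",
    "botnet": "dubik",
    "c2": "193.233.20.17:4139",
    "auth_value": "05136deb26ad700ca57d43b1de454f46",
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists, so a local copy can be checked."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> Dict[str, bool]:
    """Per-algorithm comparison against the report; all four should agree."""
    actual = hash_bytes(data)
    return {alg: actual[alg] == expected.lower()
            for alg, expected in REPORT_HASHES.items()}


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split the report's 'host:port' C2 string into its components."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def suricata_rule(config: Dict[str, str], sid: int) -> str:
    """Emit a Suricata rule for outbound TCP connections to the extracted C2.

    The msg text and sid are assumptions; adjust to local conventions.
    """
    host, port = parse_c2(config["c2"])
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"RedLine C2 contact (botnet {config["botnet"]})"; '
        f'flow:to_server; sid:{sid}; rev:1;)'
    )


def find_c2_connections(lines: Iterable[str],
                        config: Dict[str, str]) -> List[Dict[str, str]]:
    """Hunt a whitespace-separated connection log for the C2 endpoint.

    Assumed (constructed) log format: ts src_ip src_port dst_ip dst_port proto
    Matches on destination IP *and* port, so a connection to the same IP on
    another port is not reported. Malformed lines are skipped, not raised on.
    """
    host, port = parse_c2(config["c2"])
    hits: List[Dict[str, str]] = []
    for line in lines:
        fields = line.split()
        if len(fields) < 6:
            continue
        ts, src_ip, src_port, dst_ip, dst_port, proto = fields[:6]
        if dst_ip == host and dst_port == str(port) and proto.lower() == "tcp":
            hits.append({"ts": ts, "src": f"{src_ip}:{src_port}",
                         "dst": f"{dst_ip}:{dst_port}"})
    return hits


# Constructed sample log: two beacons from one host, a same-IP different-port
# connection (not the C2), an unrelated flow and a malformed line.
SAMPLE_LOG = [
    "2024-11-13T10:01:02Z 10.0.0.15 49812 193.233.20.17 4139 tcp",
    "2024-11-13T10:01:05Z 10.0.0.15 49813 93.184.216.34 443 tcp",
    "2024-11-13T10:01:09Z 10.0.0.15 49814 193.233.20.17 80 tcp",
    "2024-11-13T10:06:02Z 10.0.0.15 49820 193.233.20.17 4139 tcp",
    "garbage line",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG, REDLINE_CONFIG):
        print("C2 contact:", hit)
    print(suricata_rule(REDLINE_CONFIG, sid=9000001))
    print("constructed data matches report:", matches_report(b"not the sample"))
```

The hunt keys on destination IP and port together rather than the IP alone, because a shared hosting address can carry unrelated traffic on other ports. The auth_value is kept in the config for correlation with other reports of the same botnet; it is not used as a network match here, since it travels inside RedLine's binary C2 protocol rather than in a form a connection log would record.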
Targets

Target: 8f5aacba4697188eaf8541728f2b5d795769963059df62a65f5aece82d0395deN.exe
Size: 555KB

Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1