General
Target: bc2c4da79745fdb2395d45e22bc1d4fe5ca061b13f970d5261350cd53f0444fa.exe
Size: 694KB
Sample: 241113-rqc5jswrem
MD5: 77fd2a6a3576ed95279d3b7b72ad1393
SHA1: 823df80e5318a53827f7b3c7e0831506eb2856fe
SHA256: bc2c4da79745fdb2395d45e22bc1d4fe5ca061b13f970d5261350cd53f0444fa
SHA512: ec149ce8e2315d66184501c5ec55102d6a077d115c93317317ec4ae202320560bd84e5084d8df6b643fdcfa201615ee361c0fc9648a1725b6c13efc04883b1f8
SSDEEP: 12288:lMrVy90tAVpB7XM05Lh0+YzxLYoIM8q3bVYAlSTLptffTO0Vy++ixhmjr32:Yy1pJM0dh0+Yzxko5pmAlItffCvnixwi
Static task: static1
Behavioral task: behavioral1
Sample: bc2c4da79745fdb2395d45e22bc1d4fe5ca061b13f970d5261350cd53f0444fa.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
gena
193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
Target: bc2c4da79745fdb2395d45e22bc1d4fe5ca061b13f970d5261350cd53f0444fa.exe (694KB; same hashes as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)