General
Target: 7e99fc3b639b4f6e9bcc0a989b090e21eea4e6c40e1b445a3fd561da936bed27N.exe
Size: 408KB
Sample: 241113-ynn8csxpbv
MD5: c03f44f6fb3fa44184a5177ab42e4e00
SHA1: 171cd2aceb6c8844c058959baed20e8c63e4f306
SHA256: 7e99fc3b639b4f6e9bcc0a989b090e21eea4e6c40e1b445a3fd561da936bed27
SHA512: 2045013e342a416b843538f64cdbea332b3918c402598b1baec2924a786c6263eff4c835ec83bbb00b4c0efb851c562cec788e5602cd0e7a81406642bf3b7bae
SSDEEP: 6144:KPy+bnr+Lp0yN90QEBnKRsCwTIii1ob9z7lptVBBTKrelv/7kgIZvBZ:tMr3y90I5YIii1obVdVXTKilXgVZZZ
Static task: static1
Behavioral task: behavioral1
Sample: 7e99fc3b639b4f6e9bcc0a989b090e21eea4e6c40e1b445a3fd561da936bed27N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: 7e99fc3b639b4f6e9bcc0a989b090e21eea4e6c40e1b445a3fd561da936bed27N.exe
Size: 408KB
Detects Healer, an antivirus disabler dropper
Healer family
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
Create or Modify System Process: Windows Service