General
Target: 73bd682b43cdd552a51c741bd620bc0bf62542149de4f8243dcd29ab2cb10d0a.exe
Size: 790KB
Sample: 241113-yqpa5s1qgm
MD5: a170040b00ccf84b37a43a86222acd28
SHA1: 722a7329052f7c4d1be13ea7a8ac4d336408017b
SHA256: 73bd682b43cdd552a51c741bd620bc0bf62542149de4f8243dcd29ab2cb10d0a
SHA512: 260b67ad2dcfd94eb58a92a24f17f51fc75795e71e42143df9e01f351a75f316c8b206c814e2f584308c356e99b733f8b70b24adf56f726e24d652e1f06f65a5
SSDEEP: 12288:wMr8y905HHLOcIwaD6QEX1sLuxaMxrcgTFAfEieWUVPsBAIDA/i:cyKOcxabyiolx71POAIDA/i
Static task: static1
Behavioral task: behavioral1
Sample: 73bd682b43cdd552a51c741bd620bc0bf62542149de4f8243dcd29ab2cb10d0a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline (norm), 77.91.124.145:4125, auth_value 1514e6c0ec3d10a36f68f61b206f5759
Extracted: redline (diza), 77.91.124.145:4125, auth_value bbab0d2f0ae4d4fdd6b17077d93b3e80
Targets
Target: 73bd682b43cdd552a51c741bd620bc0bf62542149de4f8243dcd29ab2cb10d0a.exe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)