General
Target: 38a15c65c9d7d1059391def864010899b3c163e2e15034698cebfb4a38dccde4
Size: 1.0MB
Sample: 241113-z1185asnar
MD5: a547667f441552d12ab421f40b18e5dd
SHA1: e9fa9d9c2e2a2a71d6860a372137630ecd9f9ef6
SHA256: 38a15c65c9d7d1059391def864010899b3c163e2e15034698cebfb4a38dccde4
SHA512: 44b95a713f697df7d09a775e20b1780d65c018f35ca3d33816b3bf51de5676ca37ee8f649046993774d884225f283a947fc2fb5051f986c262771fc60571a511
SSDEEP: 24576:OyeO0VU/ajepNmb95MBr5RknttjIJCB+5GYKXIVHe:df0gyevmb95a5RknttqCBzYKX
Static task: static1
Behavioral task: behavioral1
Sample: 38a15c65c9d7d1059391def864010899b3c163e2e15034698cebfb4a38dccde4.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
Target: 38a15c65c9d7d1059391def864010899b3c163e2e15034698cebfb4a38dccde4
Size: 1.0MB
MD5: a547667f441552d12ab421f40b18e5dd
SHA1: e9fa9d9c2e2a2a71d6860a372137630ecd9f9ef6
SHA256: 38a15c65c9d7d1059391def864010899b3c163e2e15034698cebfb4a38dccde4
SHA512: 44b95a713f697df7d09a775e20b1780d65c018f35ca3d33816b3bf51de5676ca37ee8f649046993774d884225f283a947fc2fb5051f986c262771fc60571a511
SSDEEP: 24576:OyeO0VU/ajepNmb95MBr5RknttjIJCB+5GYKXIVHe:df0gyevmb95a5RknttqCBzYKX
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)