General
Target: 2e1df4e79d32c0a903c858a262b1074e90a52a63defd0da71ec18e8c0cb0fa01
Size: 560KB
Sample: 241113-zpf4tayjgy
MD5: 09e1d0fa3af180dec0c9ea62a6b95a40
SHA1: faeeb39c727f89be9cb12ce74f55e3ada8e92b49
SHA256: 2e1df4e79d32c0a903c858a262b1074e90a52a63defd0da71ec18e8c0cb0fa01
SHA512: 0489aa001d46fcd781083c23dbf20df6ac6bcafcc13f33a1f1a3f41f562ac0304fedecab1aa405e3cc6839bf23de0333e3c50f01e21d8a5e0846e0a0148a00c2
SSDEEP: 12288:OMrNy90YZFuSpCo0ZFCk6qu8AOKqMdg3kq02Vm69jhT3DUhYg:PyXRpCNvCk6qgJNgJ02b9FTzUh9
Static task: static1
Behavioral task: behavioral1
Sample: 2e1df4e79d32c0a903c858a262b1074e90a52a63defd0da71ec18e8c0cb0fa01.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: fud
C2: 193.233.20.27:4123
Attributes
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: 2e1df4e79d32c0a903c858a262b1074e90a52a63defd0da71ec18e8c0cb0fa01
Size: 560KB
MD5: 09e1d0fa3af180dec0c9ea62a6b95a40
SHA1: faeeb39c727f89be9cb12ce74f55e3ada8e92b49
SHA256: 2e1df4e79d32c0a903c858a262b1074e90a52a63defd0da71ec18e8c0cb0fa01
SHA512: 0489aa001d46fcd781083c23dbf20df6ac6bcafcc13f33a1f1a3f41f562ac0304fedecab1aa405e3cc6839bf23de0333e3c50f01e21d8a5e0846e0a0148a00c2
SSDEEP: 12288:OMrNy90YZFuSpCo0ZFCk6qu8AOKqMdg3kq02Vm69jhT3DUhYg:PyXRpCNvCk6qgJNgJ02b9FTzUh9
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution, T1547 (1)
    Registry Run Keys / Startup Folder, T1547.001 (1)
  Create or Modify System Process, T1543 (1)
    Windows Service, T1543.003 (1)
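The behaviours and IOCs above (a known sample hash, a dropped EXE being executed, a Run key written for persistence, and a connection to the extracted C2 193.233.20.27:4123) are the things a responder would hunt for on other hosts. The Python below is an added example and not part of the sandbox report or of the malware itself: it runs those checks over Sysmon-style JSON events. The Sysmon field names used (EventID 1/3/13, Image, Hashes, TargetObject, Details, DestinationIp, DestinationPort) are the real ones; the event contents are constructed for illustration, and the "user-writable path" heuristic for spotting a dropped payload is an assumption of this example, not something the report states.

```python
"""Hunting checks for the behaviour and IOCs listed in this report.

Example code added to this page; not part of the sandbox output.
The events at the bottom are constructed Sysmon-style JSON lines
(EventID 1 ProcessCreate, 3 NetworkConnect, 13 RegistrySetValue);
they are not from the real run.
"""
import json

# IOCs taken from the report above.
SAMPLE_MD5 = "09e1d0fa3af180dec0c9ea62a6b95a40"
SAMPLE_SHA256 = "2e1df4e79d32c0a903c858a262b1074e90a52a63defd0da71ec18e8c0cb0fa01"
C2_IP, C2_PORT = "193.233.20.27", 4123

# Registry paths behind "Adds Run key" (T1547.001), and directories an
# unprivileged user can write to (assumed heuristic for a dropped EXE).
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\programdata\\", "\\users\\public\\")


def parse_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..' string into a dict of lowercase hashes."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def in_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)


def check_event(ev):
    """Return the list of findings for one Sysmon-like event dict (empty if clean)."""
    findings = []
    eid = ev.get("EventID")
    if eid == 1:  # ProcessCreate
        hashes = parse_hashes(ev.get("Hashes", ""))
        if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
            findings.append("known RedLine sample hash executed")
        if in_user_writable(ev.get("Image", "")):
            findings.append("EXE executed from user-writable path (dropped payload?)")
    elif eid == 3:  # NetworkConnect
        if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
            findings.append("connection to extracted RedLine C2")
    elif eid == 13:  # RegistryEvent (value set)
        target = ev.get("TargetObject", "").lower()
        if any(marker in target for marker in RUN_KEY_MARKERS):
            findings.append("Run key written (T1547.001)")
            if in_user_writable(ev.get("Details", "")):
                findings.append("Run key points into a user-writable path")
    return findings


def hunt(lines):
    """Run check_event over JSON lines; return {line_no: findings} for hits only."""
    hits = {}
    for line_no, line in enumerate(lines, 1):
        findings = check_event(json.loads(line))
        if findings:
            hits[line_no] = findings
    return hits


# Constructed sample events (not from the sandbox run); hashes are the report's.
SAMPLE_LOG = [
    json.dumps({"EventID": 1,
                "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe",
                "Hashes": "MD5=09E1D0FA3AF180DEC0C9EA62A6B95A40,"
                          "SHA256=2E1DF4E79D32C0A903C858A262B1074E90A52A63DEFD0DA71EC18E8C0CB0FA01"}),
    json.dumps({"EventID": 13,
                "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
                "Details": "C:\\Users\\victim\\AppData\\Roaming\\updater.exe"}),
    json.dumps({"EventID": 3, "DestinationIp": "193.233.20.27", "DestinationPort": 4123}),
    json.dumps({"EventID": 3, "DestinationIp": "8.8.8.8", "DestinationPort": 53}),
    json.dumps({"EventID": 13, "TargetObject": "HKCU\\Software\\Example\\Settings", "Details": "1"}),
]

if __name__ == "__main__":
    for line_no, findings in hunt(SAMPLE_LOG).items():
        print(line_no, findings)
```

Only the first three constructed events produce findings; the DNS lookup and the unrelated registry write are ignored. The hash match is the only high-confidence indicator here; the Run-key and user-writable-path checks are broad by design and are meant to surface candidates for triage, not to stand alone as a verdict.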