General
Target: 12f1806859a61a7029a989d2f88de92dda347ac4b7270d488c25d6bfff97dbbaN.exe
Size: 374KB
Sample: 241118-k68ststbkg
MD5: 63dd96ddc054ce0c2606ac290a2aab50
SHA1: dea7036160a3d35612bef6e512700bd63e08e5bd
SHA256: 12f1806859a61a7029a989d2f88de92dda347ac4b7270d488c25d6bfff97dbba
SHA512: d2373ee639ba7532f46c1559f060246d32f394a9cbff0406575de073ca5e762c3f8f697537a811cdbd5675c84fcb22c7929f7214ea46def9220a3f92a3058b97
SSDEEP: 6144:KEy+bnr+/p0yN90QEgAjksXsGBhwj2Uv/8nbkvgbT+MFDJBU1qXMAX:UMrry90zksF6fv09b7DLb
Static task: static1
Behavioral task: behavioral1
Sample: 12f1806859a61a7029a989d2f88de92dda347ac4b7270d488c25d6bfff97dbbaN.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: fusa
C2: 193.233.20.12:4132
auth_value: a08b2f01bd2af756e38c5dd60e87e697 (the per-build authorization value the client presents to the C2)
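The file hashes and the C2 endpoint above are the indicators a responder would sweep for. The following Python script is an added example, not part of the sandbox report or of any tool it uses: it hashes files with the same three algorithms, compares them with the report's values, and flags log lines that record a connection to 193.233.20.12:4132. The hash values and the endpoint are copied from the report; the file contents and log lines in the demo are constructed.

```python
"""IoC sweep for the indicators in this report.

Added example, not part of the sandbox output. The hash values and the C2
endpoint are copied from the report; the file contents and log lines used in
the demo under __main__ are constructed.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators from the report.
REPORT_HASHES = {
    "md5": "63dd96ddc054ce0c2606ac290a2aab50",
    "sha1": "dea7036160a3d35612bef6e512700bd63e08e5bd",
    "sha256": "12f1806859a61a7029a989d2f88de92dda347ac4b7270d488c25d6bfff97dbba",
}
C2_HOST = "193.233.20.12"
C2_PORT = 4132


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: Path, chunk: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large files are not read whole."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with path.open("rb") as fh:
        while block := fh.read(chunk):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(digests: dict, iocs: dict = REPORT_HASHES) -> list:
    """Names of the algorithms whose digest equals the report's value.

    A sha256 match identifies the sample on its own; treat an md5-only match as
    a weaker signal, since md5 collisions are cheap to produce."""
    return sorted(name for name, value in digests.items()
                  if name in iocs and iocs[name] == value.lower())


# "ip:port", "ip port" and Zeek-style "ip<TAB>port" columns. A "key: value"
# layout such as Sysmon's "DestinationIp: x DestinationPort: y" needs its own
# pattern and is not handled here.
_ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})[:\t ]+(\d{1,5})\b")


def c2_hits(lines, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Log lines that contain a connection to the configured C2 endpoint."""
    hits = []
    for line in lines:
        if any(ip == host and int(p) == port for ip, p in _ENDPOINT.findall(line)):
            hits.append(line)
    return hits


if __name__ == "__main__":
    # Constructed demo input: a harmless file and three made-up Zeek conn.log rows.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "demo.bin"
        sample.write_bytes(b"abc")
        print(sample.name, "matches:", matching_algorithms(hash_file(sample)) or "none")
    conn_log = [
        "1731900000.1\tCabc1\t10.0.0.5\t51234\t8.8.8.8\t53\tudp",
        "1731900001.2\tCabc2\t10.0.0.5\t51235\t193.233.20.12\t4132\ttcp",
        "1731900002.3\tCabc3\t10.0.0.5\t51236\t193.233.20.12\t443\ttcp",
    ]
    for hit in c2_hits(conn_log):
        print("C2 contact:", hit)
```

The port check matters: the same host on a different port (the third constructed row) is not reported, because a single RedLine C2 host can be shared by unrelated services and only the port from the extracted config ties the traffic to this build. Point `hash_file` at a directory walk to sweep an endpoint, and feed `c2_hits` proxy or Zeek logs in the "ip port" column layout it expects.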
Targets
Target: 12f1806859a61a7029a989d2f88de92dda347ac4b7270d488c25d6bfff97dbbaN.exe
Size: 374KB
MD5: 63dd96ddc054ce0c2606ac290a2aab50
SHA1: dea7036160a3d35612bef6e512700bd63e08e5bd
SHA256: 12f1806859a61a7029a989d2f88de92dda347ac4b7270d488c25d6bfff97dbba
SHA512: d2373ee639ba7532f46c1559f060246d32f394a9cbff0406575de073ca5e762c3f8f697537a811cdbd5675c84fcb22c7929f7214ea46def9220a3f92a3058b97
SSDEEP: 6144:KEy+bnr+/p0yN90QEgAjksXsGBhwj2Uv/8nbkvgbT+MFDJBU1qXMAX:UMrry90zksF6fv09b7DLb
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. It harvests browser credentials, cookies, cryptocurrency wallet data and host information and reports to its C2 over TCP, which is why the extracted config above consists of an IP:port pair and an authorization value.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence:
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
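The two behavioural signatures, "Executes dropped EXE" and "Adds Run key to start application", are what the persistence rows in the table are derived from. As an added example (not the sandbox's own detection logic), the Python below implements both checks over a constructed Sysmon-style event stream: a Run-key write is only raised when the value data points at a user-writable path, and a process start is only raised when the same trace already showed that executable being written. The process names, paths, SID and value names are made up for the demo and are not observations from this sample.

```python
"""Detection rules for the two behaviours the sandbox flagged.

Added example, not the sandbox's own detection logic. The events below are a
constructed Sysmon-style trace: every path, process name, SID and value name
is made up and is not an observation from this sample.
"""
import re

# Autostart values under these keys are ATT&CK T1547.001. The substring also
# covers RunOnce and RunServices.
RUN_KEY_MARKER = "\\microsoft\\windows\\currentversion\\run"

# Locations a non-admin process can write to. A Run value pointing here is a
# much stronger signal than one pointing into Program Files.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")

# key=value pairs, with double quotes around values that contain spaces.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict:
    """Turn 'EventID=13 TargetObject="..." Details="..."' into a dict."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def run_key_persistence(ev: dict) -> bool:
    """Sysmon Event ID 13 (registry value set) under a Run key whose data points
    at a user-writable path."""
    if ev.get("EventID") != "13":
        return False
    target = ev.get("TargetObject", "").lower()
    details = ev.get("Details", "").lower()
    return RUN_KEY_MARKER in target and any(d in details for d in USER_WRITABLE)


def dropped_exe_execution(ev: dict, dropped: set) -> bool:
    """Sysmon Event ID 1 (process create) whose Image was written earlier in the
    same trace (Event ID 11, file create) by another process."""
    return ev.get("EventID") == "1" and ev.get("Image", "").lower() in dropped


def detect(lines) -> list:
    """Run both rules over an ordered event stream; returns (rule, line) pairs."""
    dropped = set()
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") == "11" and ev.get("TargetFilename", "").lower().endswith(".exe"):
            dropped.add(ev["TargetFilename"].lower())
        if dropped_exe_execution(ev, dropped):
            findings.append(("executes dropped EXE", line))
        if run_key_persistence(ev):
            findings.append(("adds Run key (T1547.001)", line))
    return findings


# Constructed trace: a loader drops a second stage into %TEMP%, launches it, and
# the second stage registers itself under HKCU\...\Run. The last event is a
# legitimate installer writing a Run value into Program Files, which the
# user-writable filter leaves alone.
SAMPLE_EVENTS = [
    'EventID=1 Image="C:\\Users\\u\\Downloads\\loader.exe" ParentImage="C:\\Windows\\explorer.exe"',
    'EventID=11 Image="C:\\Users\\u\\Downloads\\loader.exe" TargetFilename="C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe"',
    'EventID=1 Image="C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe" ParentImage="C:\\Users\\u\\Downloads\\loader.exe"',
    'EventID=13 Image="C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe" TargetObject="HKU\\S-1-5-21-1-1-1-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\stage2" Details="C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe"',
    'EventID=13 Image="C:\\Windows\\System32\\msiexec.exe" TargetObject="HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray" Details="C:\\Program Files\\Vendor\\tray.exe"',
]

if __name__ == "__main__":
    for rule, line in detect(SAMPLE_EVENTS):
        print(f"[{rule}] {line}")
```

The Windows Service row in the table (T1543.003) is not covered by these two rules; a parallel check would look at Event ID 13 writes under the Services key or at System log event 7045 (service installed), again filtering on the binary path. Tying the process-start rule to a preceding file-create event is what keeps it from firing on every executable launched from %TEMP%, which installers do legitimately.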