General
-
Target
803338b1e104deb45fd36a673ffc97dfbfb67d9aafb6f9cb4272dc38c9ff9a78
-
Size
385KB
-
Sample
241104-12e8qaxpf1
-
MD5
f29e78bd40508ba6dcdd1512b62c5837
-
SHA1
f322f1d8e203b90130df36d5d4aad84f9a458492
-
SHA256
803338b1e104deb45fd36a673ffc97dfbfb67d9aafb6f9cb4272dc38c9ff9a78
-
SHA512
58f5141f7780e5f7845cf020b6daca55969d739475813d9ffa9172655c5bbae4ad998177b33951e28590ccdc34e32e78426d376c4e873047f821661e7db2c7ba
-
SSDEEP
6144:Kfy+bnr+Np0yN90QEAPtBbHBZaaj/cwQc4VsbzTEIowF1ikpi1X0LAN7:tMrBy90MtBLBt/cwlsWzTEItpi1X0G
Static task
static1
Behavioral task
behavioral1
Sample
803338b1e104deb45fd36a673ffc97dfbfb67d9aafb6f9cb4272dc38c9ff9a78.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Targets
-
-
Target
803338b1e104deb45fd36a673ffc97dfbfb67d9aafb6f9cb4272dc38c9ff9a78
-
Size
385KB
-
MD5
f29e78bd40508ba6dcdd1512b62c5837
-
SHA1
f322f1d8e203b90130df36d5d4aad84f9a458492
-
SHA256
803338b1e104deb45fd36a673ffc97dfbfb67d9aafb6f9cb4272dc38c9ff9a78
-
SHA512
58f5141f7780e5f7845cf020b6daca55969d739475813d9ffa9172655c5bbae4ad998177b33951e28590ccdc34e32e78426d376c4e873047f821661e7db2c7ba
-
SSDEEP
6144:Kfy+bnr+Np0yN90QEAPtBbHBZaaj/cwQc4VsbzTEIowF1ikpi1X0LAN7:tMrBy90MtBLBt/cwlsWzTEItpi1X0G
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1