General
- Target: 77c87014900d5c913ad33be14bdc5c18bc4b25865d32facac8c15aaf1aeaeac3
- Size: 875KB
- Sample: 241104-12xg1aybqg
- MD5: df349954609a18ad12fe2e61b93654ed
- SHA1: 0fdc11f7782070d8cec6f5a48c69c060e9d966e1
- SHA256: 77c87014900d5c913ad33be14bdc5c18bc4b25865d32facac8c15aaf1aeaeac3
- SHA512: 92d19b136857a10f89536495bfa3056087969d51891a1a54ebf03c2f1b269119e4f42e4ceb9715e84ad9975a5cb643f8d75ccad46e2828254fae4becb445a43c
- SSDEEP: 24576:kyBKRR4xmNrR/8eoiQnse9kPC0FpgmSdjaCSlp:zXxeqx5NAC0AmSNaCe
Static task: static1
Behavioral task: behavioral1
Sample: 77c87014900d5c913ad33be14bdc5c18bc4b25865d32facac8c15aaf1aeaeac3.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
- mango
- 193.233.20.28:4125
- auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
- Target: 77c87014900d5c913ad33be14bdc5c18bc4b25865d32facac8c15aaf1aeaeac3
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)