General
-
Target
fc3de59498636a4cd9b697f2fa078037e4d69e4470c7d97049d30c2c5bf3e85e
-
Size
875KB
-
Sample
241104-q2e8lszhlg
-
MD5
1c554b64550fd91edf02aa244c3c92bb
-
SHA1
208150956f636668db1c8f92be5f16b48f035466
-
SHA256
fc3de59498636a4cd9b697f2fa078037e4d69e4470c7d97049d30c2c5bf3e85e
-
SHA512
e9b7e702c7ea87b31786d232ff561deba624386a61f91366ae24f7bb3cac84b744bbe26b628286fbe72ef7d1243a8f83cf9b7aa60dbef9c80610fb6fdb52ab69
-
SSDEEP
24576:PyVPjvuwLdrNUdT2hL1utQS1HSDJTeizDoP:aVbvuIxUshL1AHSdT
Static task
static1
Behavioral task
behavioral1
Sample
fc3de59498636a4cd9b697f2fa078037e4d69e4470c7d97049d30c2c5bf3e85e.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Targets
-
-
Target
fc3de59498636a4cd9b697f2fa078037e4d69e4470c7d97049d30c2c5bf3e85e
-
Size
875KB
-
MD5
1c554b64550fd91edf02aa244c3c92bb
-
SHA1
208150956f636668db1c8f92be5f16b48f035466
-
SHA256
fc3de59498636a4cd9b697f2fa078037e4d69e4470c7d97049d30c2c5bf3e85e
-
SHA512
e9b7e702c7ea87b31786d232ff561deba624386a61f91366ae24f7bb3cac84b744bbe26b628286fbe72ef7d1243a8f83cf9b7aa60dbef9c80610fb6fdb52ab69
-
SSDEEP
24576:PyVPjvuwLdrNUdT2hL1utQS1HSDJTeizDoP:aVbvuIxUshL1AHSdT
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1