General

Target: e56b831b3a8709fcfafb0436cf0659623a277cfc7901d3eb588225b67119ab62
Size: 695KB
Sample: 241104-qqqj7s1blm
MD5: 569cc46df2287d34db748c1e1692e889
SHA1: 7e793077eee94fb696ce60a9a0896293b513acc2
SHA256: e56b831b3a8709fcfafb0436cf0659623a277cfc7901d3eb588225b67119ab62
SHA512: 8bb63f615daefe491068191998b090dd087216ab52797cf382ae198a4a1fbc45b27a2573ce9d17cab048975b2fe1cbcc9781ff46566393b718357bccacfec264
SSDEEP: 12288:iMrey907kf0Vk5KTvuHoVK2+ctig0wiyc/ED/0mQsc2zjsVr1gIeT:QyHMVk8T2HUb+ctigoy5YmDc2zi+IeT

Static task: static1

Behavioral task: behavioral1
Sample: e56b831b3a8709fcfafb0436cf0659623a277cfc7901d3eb588225b67119ab62.exe
Resource: win10v2004-20241007-en

Malware Config (extracted)

Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets

Target: e56b831b3a8709fcfafb0436cf0659623a277cfc7901d3eb588225b67119ab62 (695KB; hashes as listed under General)

Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)