General
-
Target
d6bdd561653f82441a9f219b653d3a112cb33b7b0267117f4ef5f44c1bb478bf
-
Size
844KB
-
Sample
241104-rdcy1szngt
-
MD5
e09ec808260796c871905a00d51c3982
-
SHA1
8a8e3ab0e7a0ec83acbfc8d36c81050e85c4128c
-
SHA256
d6bdd561653f82441a9f219b653d3a112cb33b7b0267117f4ef5f44c1bb478bf
-
SHA512
e5c79be56cc8916f9a06382a086c64f57ff3d2382a0315fff26d5d569de1c12ce2df1338b52971b584c1eec481299dc2ce84ff9b4b2f29d0a663f204320294fa
-
SSDEEP
24576:5yTmHos3wCAV0v8qDvFW5XI+1Tmc+U3jrq37Wy7IM:sTN4nDvn9W5XI5c33jTV
Static task
static1
Behavioral task
behavioral1
Sample
d6bdd561653f82441a9f219b653d3a112cb33b7b0267117f4ef5f44c1bb478bf.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Targets
-
-
Target
d6bdd561653f82441a9f219b653d3a112cb33b7b0267117f4ef5f44c1bb478bf
-
Size
844KB
-
MD5
e09ec808260796c871905a00d51c3982
-
SHA1
8a8e3ab0e7a0ec83acbfc8d36c81050e85c4128c
-
SHA256
d6bdd561653f82441a9f219b653d3a112cb33b7b0267117f4ef5f44c1bb478bf
-
SHA512
e5c79be56cc8916f9a06382a086c64f57ff3d2382a0315fff26d5d569de1c12ce2df1338b52971b584c1eec481299dc2ce84ff9b4b2f29d0a663f204320294fa
-
SSDEEP
24576:5yTmHos3wCAV0v8qDvFW5XI+1Tmc+U3jrq37Wy7IM:sTN4nDvn9W5XI5c33jTV
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1