General
Target: f601eb82f705e56ff54fc426fd2b6ff36af7822a10e3ba611793023dfc0a9b0a
Size: 787KB
Sample: 241104-zj17ssxanh
MD5: 1fa89a675e8885491386cb427ee254a0
SHA1: 6d0663f013a81f6429294f2f6dd0c9fbc5dd33de
SHA256: f601eb82f705e56ff54fc426fd2b6ff36af7822a10e3ba611793023dfc0a9b0a
SHA512: 2b25354a31252ed4ce02608cf1a78fb983344eab9a41e2f2da5547de88f15b4c1f8bcf077b79f19b80a7b43b3582c589bfbb70dce02a34480043c7e0baa0cc04
SSDEEP: 12288:4Mriy90ZWnmDmC/cOW2xDTNlxZadKnS6TaLeWTdv0OBvU9R8Dim:qy/RCUOW2nfZaKvTm5hv0OBYuDim
Static task: static1
Behavioral task: behavioral1
Sample: f601eb82f705e56ff54fc426fd2b6ff36af7822a10e3ba611793023dfc0a9b0a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
mango
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: f601eb82f705e56ff54fc426fd2b6ff36af7822a10e3ba611793023dfc0a9b0a
Size: 787KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)