General
Target: 37167824162b4451c383ae318749bd89d08baad4e1dbf5c5a1c184de86716985
Size: 731KB
Sample: 241108-zemhva1rgm
MD5: c5748166a76329da55d2d6b77efee34f
SHA1: 8f01c4769391a13262551a2ad702a4759493ed70
SHA256: 37167824162b4451c383ae318749bd89d08baad4e1dbf5c5a1c184de86716985
SHA512: e65f2a24c748ac4aa1d1fcd27282fe42b82f06bb290f1ee054ec6a0c8d915b83148b6467eb247b20ed34334f66fc606227b301965664631353cadb94cfc409dd
SSDEEP: 12288:MMrEy9099ZI2/ZQEwW+v5PpXxZf3Mv49wHA/wYrw/jNmzjJ9QKzPZiJU8VE94a/U:Iy6IWZHwW+BpXxt8vJHLQPJ9XutVza/U
Static task: static1
Behavioral task: behavioral1
Sample: 37167824162b4451c383ae318749bd89d08baad4e1dbf5c5a1c184de86716985.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
mars
83.97.73.127:19045
auth_value: 91bd3682cfb50cdc64b6009eb977b766
Targets
Target: 37167824162b4451c383ae318749bd89d08baad4e1dbf5c5a1c184de86716985
Size: 731KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)