General
Target: 1c94d07415f567eb93b4811156534a9832220631950fe04220dabfc29e78ce03
Size: 860KB
Sample: 241109-1g2afsvrhl
MD5: 9c881146a96f4b1060923c21c059f498
SHA1: 8c5a678df7d8d3dd540e4f8331d79b29ddf15de6
SHA256: 1c94d07415f567eb93b4811156534a9832220631950fe04220dabfc29e78ce03
SHA512: 56c64c364a196b74ab2e91e802d3ae7458bcb4cc2656a5ebf430a17344069e2f885af18d71466d60f045e0f5a3acd5f0620514c1e51bd0a170c3b561d15c0c25
SSDEEP: 12288:aMrmy90biflOnzcioY+dg6aWAC6s4RtghUSWaYt6ktucb1gsNpL3yRqF4M4h1fr7:EyG8Ct+5ANRtZSW9bTTb3yRW4h1fre8
Static task: static1
Behavioral task: behavioral1
Sample: 1c94d07415f567eb93b4811156534a9832220631950fe04220dabfc29e78ce03.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: 1c94d07415f567eb93b4811156534a9832220631950fe04220dabfc29e78ce03
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)