General
Target: 3b719daec9681179e8648d09f3c958288a6f368845166179a47d53775b52cd9b
Size: 687KB
Sample: 241109-1h3jxashkr
MD5: 5db6a0e2931f6564ff7f797c60b038fd
SHA1: 866b51e995894fe86d2c41f9e961985a437a54eb
SHA256: 3b719daec9681179e8648d09f3c958288a6f368845166179a47d53775b52cd9b
SHA512: 9561fb22e72ae54fd23e651cdbb5504708354d5eaa473f1e14bf1cb81ea45dcd8ec11c55eecb3ef86df556aafe46fe6556eed43b3ccb21f43b847b7d367fa0cc
SSDEEP: 12288:YMrsy905cbq9X5zs6qPOHvqoU5pXTi59FU3rBMoz7kqOG2tGrg7m5:kytgXhsES5pXTC9e3KO8U0S5
Static task: static1
Behavioral task: behavioral1
Sample: 3b719daec9681179e8648d09f3c958288a6f368845166179a47d53775b52cd9b.exe
Resource: win10v2004-20241007-en
Malware Config (extracted)
Family: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)