General
Target: 5e1c47fa15607f0181a265844141992a9ea68d1bdd7387361a175e266a7d4286
Size: 1.5MB
Sample: 241109-1s7llswlal
MD5: 4ddf89aeb6340d26236ef6f8a6a34441
SHA1: 00fbf733ae703d1bed55778a8bdc88b5c9c63485
SHA256: 5e1c47fa15607f0181a265844141992a9ea68d1bdd7387361a175e266a7d4286
SHA512: d3a2081877be77734e121123528e13466022c08f7d4185bf4e122fc476d0e8123a00a041bf0ced8ebfc3f68bd451d709c714a4a97381d5d9f306122083ce4bb1
SSDEEP: 24576:wygx75mYLNDYKR/v/5Hw4oW1OZxMfdqpklFPRZ/KgJay6EJ1fJOcbtV:3gxFlD9xv/5HwI1OAC4XN+yd1fJOcb
Static task: static1
Behavioral task: behavioral1
Sample: 5e1c47fa15607f0181a265844141992a9ea68d1bdd7387361a175e266a7d4286.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: max
C2: 185.161.248.73:4164
auth_value: efb1499709a5d08ed1ddf71cff71211f
Targets
Target: 5e1c47fa15607f0181a265844141992a9ea68d1bdd7387361a175e266a7d4286
Size: 1.5MB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values listed in the General section above
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
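The report above gives three things a responder can act on: the sample hashes, the extracted RedLine C2 (185.161.248.73:4164) and the observed persistence behaviour (a Run key write, ATT&CK T1547.001). The following Python script is an added example, not part of the sandbox report or of any vendor tooling: it copies those indicator values into a small triage check, verifies a local file against the listed digests, and runs a few detection rules over log lines. The log format, field names (Image, TargetObject, DestinationIp, Hashes), SAMPLE_LOG contents and the fake file bytes are constructed for the demo and are assumptions, not sandbox output.

```python
"""Added triage example, not part of the sandbox report.

The indicator values in IOCS are copied from the report above. Everything
else (the log format, the field names, SAMPLE_LOG, the fake file bytes) is
constructed for this demo and is not sandbox output.
"""
import hashlib
import re

# Indicators copied from the report.
IOCS = {
    "md5": "4ddf89aeb6340d26236ef6f8a6a34441",
    "sha1": "00fbf733ae703d1bed55778a8bdc88b5c9c63485",
    "sha256": "5e1c47fa15607f0181a265844141992a9ea68d1bdd7387361a175e266a7d4286",
    "c2_ip": "185.161.248.73",   # extracted RedLine C2 host
    "c2_port": 4164,             # extracted RedLine C2 port
}

# Per-user or machine-wide Run / RunOnce keys (the "Adds Run key" behaviour,
# ATT&CK T1547.001). Matches regardless of the HKLM / HKU hive prefix.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)


def file_hashes(data: bytes) -> dict:
    """Compute the digests the report lists, so a local file can be compared."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only when the SHA-256 (the strongest listed digest) matches the report."""
    return file_hashes(data)["sha256"] == IOCS["sha256"]


def classify(line: str) -> list:
    """Reasons a log line is suspicious; empty list if none apply.

    The line format is a constructed 'Key=Value' style loosely modelled on
    Sysmon fields (an assumption); adapt the regexes to the real log source.
    """
    reasons = []

    # 1. Registry write into a Run/RunOnce key (persistence).
    m = re.search(r"TargetObject=(\S+)", line)
    if m and RUN_KEY_RE.search(m.group(1)):
        reasons.append("run_key_persistence")

    # 2. Outbound connection to the extracted C2 host:port.
    m = re.search(r"DestinationIp=(\S+)\s+DestinationPort=(\d+)", line)
    if m and m.group(1) == IOCS["c2_ip"] and int(m.group(2)) == IOCS["c2_port"]:
        reasons.append("redline_c2")

    # 3. A process image whose SHA-256 equals the analysed sample.
    m = re.search(r"SHA256=([0-9A-Fa-f]{64})", line)
    if m and m.group(1).lower() == IOCS["sha256"]:
        reasons.append("known_sample_hash")

    return reasons


def triage(lines) -> dict:
    """Map line index -> reasons for every line that trips at least one check."""
    hits = {}
    for i, line in enumerate(lines):
        reasons = classify(line)
        if reasons:
            hits[i] = reasons
    return hits


# Constructed events (not from the sandbox): process start of the sample,
# the Run key write, the C2 connection, and one benign connection.
SAMPLE_LOG = [
    "EventID=1 Image=C:\\Users\\u\\AppData\\Local\\Temp\\5e1c47fa.exe "
    "Hashes=SHA256=5E1C47FA15607F0181A265844141992A9EA68D1BDD7387361A175E266A7D4286",
    "EventID=13 Image=C:\\Users\\u\\AppData\\Local\\Temp\\5e1c47fa.exe "
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater "
    "Details=C:\\Users\\u\\AppData\\Roaming\\svc.exe",
    "EventID=3 Image=C:\\Users\\u\\AppData\\Roaming\\svc.exe "
    "DestinationIp=185.161.248.73 DestinationPort=4164",
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe "
    "DestinationIp=93.184.216.34 DestinationPort=443",
]


if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_LOG).items():
        print(f"line {idx}: {', '.join(reasons)}")
    print("fake bytes match sample:", matches_sample(b"not the sample"))
```

The hash and C2 checks are exact matches and therefore brittle: a repacked build or a rotated C2 address defeats them. The Run key rule is the durable part, since it keys on the behaviour the report records rather than on a specific value; the auth_value in the extracted config is a bot authentication token, not a digest, and is not used for matching here.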