General
-
Target
1b603ebaaedc79717602ce2eb588a599bfd3839652b8791c4740abd291472eac
-
Size
689KB
-
Sample
241109-d6y53awlbw
-
MD5
09cf988fe929e0916c6a93e2f819b1cd
-
SHA1
897cfb01ada92e29cdbc2268cce6fce30d00223e
-
SHA256
1b603ebaaedc79717602ce2eb588a599bfd3839652b8791c4740abd291472eac
-
SHA512
0de621a0b652e05bc21732e3af93adb05865f599040f4ef7c6db51ba19d5362a00bf00ff63084643fbdfe16bb79ac4267e21d00d54bb4ac08806f2a24788581b
-
SSDEEP
12288:QMr+y90srtlHPuW42rsk63watvnQ1InVmOyEWRsGP43xwYMiKbCxZFlf+Iodc7:+yX5lmlyZEtmumOytRsI4h/Mv2xB4da
Static task
static1
Behavioral task
behavioral1
Sample
1b603ebaaedc79717602ce2eb588a599bfd3839652b8791c4740abd291472eac.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Targets
-
-
Target
1b603ebaaedc79717602ce2eb588a599bfd3839652b8791c4740abd291472eac
-
Size
689KB
-
MD5
09cf988fe929e0916c6a93e2f819b1cd
-
SHA1
897cfb01ada92e29cdbc2268cce6fce30d00223e
-
SHA256
1b603ebaaedc79717602ce2eb588a599bfd3839652b8791c4740abd291472eac
-
SHA512
0de621a0b652e05bc21732e3af93adb05865f599040f4ef7c6db51ba19d5362a00bf00ff63084643fbdfe16bb79ac4267e21d00d54bb4ac08806f2a24788581b
-
SSDEEP
12288:QMr+y90srtlHPuW42rsk63watvnQ1InVmOyEWRsGP43xwYMiKbCxZFlf+Iodc7:+yX5lmlyZEtmumOytRsI4h/Mv2xB4da
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1