General

Target: b157f8caab021130657986c30bcc520cf0e53c933035adf78b88caea18a4dde9
Size: 1.5MB
Sample: 241109-d84hkazjgq
MD5: 0161db63f9e307bc62d98b22a3b5f565
SHA1: 0a5b855c14dd26fca034b9d5b86c885f75061b39
SHA256: b157f8caab021130657986c30bcc520cf0e53c933035adf78b88caea18a4dde9
SHA512: afdc8b7dc56747b22a863c4ca8a95b76dbab428ff82fcc1d9d92233de5f6aee5cc52538fecd4e33f9948f6dd821bd70cb8436cd1337da617eabc31e8dc965155
SSDEEP: 24576:CyePAVGK6K986RSd1xxJziATQzUVWyjx4TFGWkYKxjmuNleOMucv6RNpCY08EEDw:p2AV8K986kTJziA0zsxGkWCzIE6
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: b157f8caab021130657986c30bcc520cf0e53c933035adf78b88caea18a4dde9.exe
  Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: maza
C2: 185.161.248.73:4164
Attributes:
  auth_value: 474d54c1c2f5291290c53f8378acd684
Targets

Target: b157f8caab021130657986c30bcc520cf0e53c933035adf78b88caea18a4dde9 (hashes and size as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
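The indicators this report yields (the sample hashes, the RedLine C2 socket 185.161.248.73:4164 and the Run-key write behind the "Adds Run key to start application" signature) are only useful once they are turned into a hunt over host telemetry. The script below is an added example and is not part of the sandbox output: it checks Sysmon-style process-creation (event 1), network-connection (event 3) and registry-value-set (event 13) records against those indicators. The field names (EventID, Image, Hashes, DestinationIp, DestinationPort, TargetObject, Details) follow Sysmon, but the one-line "Key=Value" layout and every event in SAMPLE_EVENTS are constructed for illustration; the placeholder hashes on the benign process line are the well-known empty-file MD5/SHA256 values.

```python
"""Hunt this report's indicators in Sysmon-style events.

Added example for the report above, not sandbox output. Indicators come from the
report; the event lines are constructed in a simplified 'Key=Value Key2="Value 2"'
layout, not Sysmon's real XML/EVTX encoding.
"""
import re

# Indicators taken from the report.
SAMPLE_MD5 = "0161db63f9e307bc62d98b22a3b5f565"
SAMPLE_SHA256 = "b157f8caab021130657986c30bcc520cf0e53c933035adf78b88caea18a4dde9"
C2_HOST = "185.161.248.73"
C2_PORT = "4164"

# Run / RunOnce under any hive: the persistence the "Adds Run key" signature describes.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Key=Value pairs; a quoted value may contain spaces, an unquoted one may not.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one constructed event line into a dict of field -> value."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def parse_hashes(field):
    """Sysmon's Hashes field is 'MD5=...,SHA256=...,IMPHASH=...'; return lower-cased values."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.upper()] = value.lower()
    return out


def match_event(ev):
    """Return a list of (rule, detail) hits for one parsed event."""
    hits = []
    eid = ev.get("EventID")
    if eid == "1":  # process creation: compare the hashes Sysmon computed for the image
        hashes = parse_hashes(ev.get("Hashes", ""))
        if hashes.get("MD5") == SAMPLE_MD5 or hashes.get("SHA256") == SAMPLE_SHA256:
            hits.append(("sample_hash", ev.get("Image", "")))
    elif eid == "3":  # network connection: exact C2 socket is the strong hit,
        if ev.get("DestinationIp") == C2_HOST:  # the host alone is still worth an alert
            port = ev.get("DestinationPort", "")
            rule = "redline_c2" if port == C2_PORT else "c2_host_other_port"
            hits.append((rule, f"{ev.get('Image', '')} -> {C2_HOST}:{port}"))
    elif eid == "13":  # registry value set: anything written under Run / RunOnce
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(("run_key_persistence", f"{target} = {ev.get('Details', '')}"))
    return hits


def hunt(lines):
    """Run every line through the rules; returns [(EventID, rule, detail), ...]."""
    results = []
    for line in lines:
        ev = parse_event(line)
        for rule, detail in match_event(ev):
            results.append((ev.get("EventID"), rule, detail))
    return results


# Constructed events: a suspicious and a benign line per event type.
SAMPLE_EVENTS = [
    r'EventID=1 Image="C:\Users\victim\Downloads\b157f8caab021130657986c30bcc520cf0e53c933035adf78b88caea18a4dde9.exe" '
    r'Hashes="MD5=0161DB63F9E307BC62D98B22A3B5F565,SHA256=B157F8CAAB021130657986C30BCC520CF0E53C933035ADF78B88CAEA18A4DDE9"',
    # empty-file hashes used as placeholders for a benign binary
    r'EventID=1 Image="C:\Windows\System32\notepad.exe" '
    r'Hashes="MD5=d41d8cd98f00b204e9800998ecf8427e,SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"',
    r'EventID=3 Image="C:\Users\victim\AppData\Local\Temp\payload.exe" DestinationIp=185.161.248.73 DestinationPort=4164',
    r'EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationIp=185.161.248.73 DestinationPort=443',
    r'EventID=3 Image="C:\Windows\System32\svchost.exe" DestinationIp=203.0.113.10 DestinationPort=80',
    r'EventID=13 TargetObject="HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater" '
    r'Details="C:\Users\victim\AppData\Roaming\updater.exe"',
    r'EventID=13 TargetObject="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden" Details="DWORD (0x00000001)"',
]

if __name__ == "__main__":
    for eid, rule, detail in hunt(SAMPLE_EVENTS):
        print(f"event {eid}: {rule}: {detail}")
```

The hunt is deliberately narrow: the report's signatures show a Run-key write but no service creation, so the Windows Service technique in the ATT&CK table is not matched here. The C2 host is matched on its own as a weaker hit, separate from the exact IP:port pair, so that a port change alone does not silence the alert; the hash check compares the values Sysmon already computed, so no sample file is needed on the hunting host.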