General
Target: 9c4361fac3abdda0b810282189465be9e5e362740270be14864ff7d65d479edb
Size: 860KB
Sample: 241109-ea3daaxapm
MD5: 34039017a018ff1d89f26ad5738c02d6
SHA1: ed716e986f736f5b83c661344f076d2c30799652
SHA256: 9c4361fac3abdda0b810282189465be9e5e362740270be14864ff7d65d479edb
SHA512: 3624b669c7f83439d4fa4d71da26ded5de6e6bdaea103a0456a6645cdf7279025549bdefc09cf49d102bf4b0bb8b82f4c5acd3229163e8dfbbcd327fbdcfdbdc
SSDEEP: 24576:8ycbjKB9NSH5SWSDIyk+/N/3xywYhfSp2Q+:rYUSH8WSDIm/3x
Static task: static1
Behavioral task: behavioral1
Sample: 9c4361fac3abdda0b810282189465be9e5e362740270be14864ff7d65d479edb.exe
Resource: win10v2004-20241007-en
Malware Config (extracted)
Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: 9c4361fac3abdda0b810282189465be9e5e362740270be14864ff7d65d479edb
Detects Healer, an antivirus disabler dropper
Healer family
RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
RedLine payload
Redline family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
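The report gives a practitioner three things to hunt for: the sample's hashes, the extracted RedLine C2 (193.233.20.28:4125), and the autostart behaviour behind the "Adds Run key" signature and the T1547.001 / T1543.003 entries. The following is an added example, not part of the sandbox report or of any vendor tooling, showing how those indicators turn into detection logic. The hashes and C2 are copied from the report; the event lines are constructed for illustration as pipe-delimited Sysmon-style Key=Value fields (real Sysmon records are XML in the event log, so a deployment would parse those instead), and the image paths in them are invented.

```python
"""Match the indicators from this report against constructed Sysmon-style events.

Added example, not part of the sandbox report. Hashes and the RedLine C2
are taken from the report above; the event lines are constructed for
illustration (pipe-delimited Key=Value fields), not real Sysmon output.
"""
import re
from dataclasses import dataclass

# Indicators from the report. Digests are compared lower-cased.
SAMPLE_HASHES = {
    "MD5": "34039017a018ff1d89f26ad5738c02d6",
    "SHA1": "ed716e986f736f5b83c661344f076d2c30799652",
    "SHA256": "9c4361fac3abdda0b810282189465be9e5e362740270be14864ff7d65d479edb",
}
REDLINE_C2 = ("193.233.20.28", "4125")

# T1547.001: a value written under ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)
# T1543.003: an ImagePath written under a service key.
SERVICE_KEY_RE = re.compile(
    r"\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE
)


@dataclass(frozen=True)
class Hit:
    event_id: int
    reason: str
    detail: str


def parse_event(line: str) -> dict:
    """Split 'Key=Value|Key=Value' on the first '=' of each field so a
    Sysmon-style Hashes field ('MD5=..,SHA256=..') keeps its inner '='."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def parse_hashes(value: str) -> dict:
    """'MD5=AB..,SHA256=CD..' -> {'MD5': 'ab..', 'SHA256': 'cd..'}."""
    out = {}
    for item in value.split(","):
        algo, _, digest = item.partition("=")
        if algo and digest:
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def check_event(ev: dict) -> list:
    """Apply the report's indicators to one parsed event."""
    hits = []
    event_id = int(ev.get("EventID", "0"))
    image = ev.get("Image", "")
    if event_id == 1:  # process create: compare the image's hashes
        for algo, digest in parse_hashes(ev.get("Hashes", "")).items():
            if SAMPLE_HASHES.get(algo) == digest:
                hits.append(Hit(1, f"sample hash match ({algo})", image))
                break
    elif event_id == 3:  # network connection: extracted C2 address and port
        dest = (ev.get("DestinationIp"), ev.get("DestinationPort"))
        if dest == REDLINE_C2:
            hits.append(Hit(3, "connection to RedLine C2", f"{image} -> {dest[0]}:{dest[1]}"))
    elif event_id == 13:  # registry value set: autostart locations
        target = ev.get("TargetObject", "")
        details = ev.get("Details", "")
        if RUN_KEY_RE.search(target):
            hits.append(Hit(13, "Run key persistence (T1547.001)", f"{target} = {details}"))
        elif SERVICE_KEY_RE.search(target):
            hits.append(Hit(13, "service ImagePath set (T1543.003)", f"{target} = {details}"))
    return hits


def scan(lines) -> list:
    """Return every Hit found in an iterable of event lines."""
    hits = []
    for line in lines:
        if line.strip():
            hits.extend(check_event(parse_event(line)))
    return hits


# Constructed events (not from the report): a benign process start and DNS
# lookup alongside the behaviours the report describes. Paths are invented.
CONSTRUCTED_EVENTS = [
    r"EventID=1|Image=C:\Users\Public\update.exe|Hashes=MD5=34039017A018FF1D89F26AD5738C02D6,SHA256=9c4361fac3abdda0b810282189465be9e5e362740270be14864ff7d65d479edb",
    r"EventID=1|Image=C:\Windows\System32\notepad.exe|Hashes=MD5=00000000000000000000000000000000",
    r"EventID=3|Image=C:\Users\Public\update.exe|DestinationIp=193.233.20.28|DestinationPort=4125",
    r"EventID=3|Image=C:\Windows\System32\svchost.exe|DestinationIp=8.8.8.8|DestinationPort=53",
    r"EventID=13|Image=C:\Users\Public\update.exe|TargetObject=HKU\S-1-5-21-1004\Software\Microsoft\Windows\CurrentVersion\Run\update|Details=C:\Users\Public\update.exe",
    r"EventID=13|Image=C:\Users\Public\update.exe|TargetObject=HKLM\System\CurrentControlSet\Services\update\ImagePath|Details=C:\Users\Public\svc.exe",
]

if __name__ == "__main__":
    for hit in scan(CONSTRUCTED_EVENTS):
        print(f"[Event {hit.event_id}] {hit.reason}: {hit.detail}")
```

Hash matching is the weakest of the three checks: it only catches this exact file, and the port and address of the C2 are also easy for the operator to rotate. The registry checks are the durable part, since RedLine and the Healer dropper have to land in an autostart location to survive a reboot, which is exactly what the ATT&CK entries above record.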