General
- Target: f897e50ad699e1be34fa57078cfc146da2c06db99ee3afc1522728ed9a726cdc
- Size: 550KB
- Sample: 241109-ed42aaxbjc
- MD5: f7c8970237858fb77fcfef834f4e2fbf
- SHA1: 1821e2ddf999f254f84b5ea3aea6b0c7583e82dd
- SHA256: f897e50ad699e1be34fa57078cfc146da2c06db99ee3afc1522728ed9a726cdc
- SHA512: b5d674b898ac3b5823159f11d6cf06d7caf05c79ce1d313bcdcaf05bd1be31bf60273263d28880dba2a4bc259cfa591f407f567a44debc9e5b9d225ed85d9a49
- SSDEEP: 12288:VMrFy90wcCmRnL1G2P3oBDGxdJIH2SvqVyLj3DNV5ofz5CFT:oy9cCY42P3oidc38CjVoCT
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: f897e50ad699e1be34fa57078cfc146da2c06db99ee3afc1522728ed9a726cdc.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted configuration (family: redline)
- Botnet: mango
- C2: 193.233.20.28:4125
- auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
- Target: f897e50ad699e1be34fa57078cfc146da2c06db99ee3afc1522728ed9a726cdc
- Size: 550KB
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)