General
Target: f673917c49f535a1f82005578e1b86625dd7c8f25bafb25a215273a819aa0808
Size: 792KB
Sample: 241109-eg774szlcp
MD5: dfa9f5926e4e1fc060084da98d60bd6e
SHA1: e40153355589f03e407caa0e40b85ab2d696146c
SHA256: f673917c49f535a1f82005578e1b86625dd7c8f25bafb25a215273a819aa0808
SHA512: f6c8047af141ce03023bf7143c56217d3fdb44b155ff8e54dd41f3375c3a25cf4522564139d80454bfe63f9c37a8f3b09493262f68baa7f8e56b32ae8ec0e518
SSDEEP: 12288:sMrAy90YWFmzMqhj8qP7OJxNY5VIM+dJyR53LYac80SS1JHjA8Wr9rjXVdtcLrVT:UywFQMWP7qNYkM+GrLtFKjv4rhTcvVT
Static task: static1
Behavioral task: behavioral1
Sample: f673917c49f535a1f82005578e1b86625dd7c8f25bafb25a215273a819aa0808.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: f673917c49f535a1f82005578e1b86625dd7c8f25bafb25a215273a819aa0808
Size: 792KB
MD5: dfa9f5926e4e1fc060084da98d60bd6e
SHA1: e40153355589f03e407caa0e40b85ab2d696146c
SHA256: f673917c49f535a1f82005578e1b86625dd7c8f25bafb25a215273a819aa0808
SHA512: f6c8047af141ce03023bf7143c56217d3fdb44b155ff8e54dd41f3375c3a25cf4522564139d80454bfe63f9c37a8f3b09493262f68baa7f8e56b32ae8ec0e518
SSDEEP: 12288:sMrAy90YWFmzMqhj8qP7OJxNY5VIM+dJyR53LYac80SS1JHjA8Wr9rjXVdtcLrVT:UywFQMWP7qNYkM+GrLtFKjv4rhTcvVT
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)