General
Target: 47760178e8b173bf1cd4026eb3756154385f30b39d2763173eb79d59f7c5951c
Size: 536KB
Sample: 241109-ej9tqawngw
MD5: 4808266f812d69da769a19688e1de3cf
SHA1: 1cb1896e8bb8dbfb9d4759ffc982e829efca2777
SHA256: 47760178e8b173bf1cd4026eb3756154385f30b39d2763173eb79d59f7c5951c
SHA512: fac6813ef4b74b7a5d9cafc758846120bcb5e17e0fe08b3befcaa02697bd7bc789c37243f699572dc056b1c466603ae76435592567c50bb081036bc570e81844
SSDEEP: 12288:OMrPy90AncAT6Wz/8hHtd+gJtx/ucVqnWn7yFV:Jy2mpQhigJv/uWq+KV
Static task: static1
Behavioral task: behavioral1
Sample: 47760178e8b173bf1cd4026eb3756154385f30b39d2763173eb79d59f7c5951c.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: 47760178e8b173bf1cd4026eb3756154385f30b39d2763173eb79d59f7c5951c (536KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)