General
-
Target
2322597b0e7c1ecfe76aec241bfce33b11b123bb3d4cdde5d465fe87ed317ff4
-
Size
777KB
-
Sample
241109-ejy28axcjb
-
MD5
4b648b68b83a424df9a2c5e5a73d95ae
-
SHA1
5a2f35120b807f72c890e71f771d11a5eea92b4d
-
SHA256
2322597b0e7c1ecfe76aec241bfce33b11b123bb3d4cdde5d465fe87ed317ff4
-
SHA512
deaa8b72e23d5f0da07fb834c1479ea277a299300e8abee3bec5fae7733d72c11c75c24c103414a20cd26b9d269b53b3d10ec6ffa8e2152cacb4a5c418cf66cf
-
SSDEEP
12288:AMrLy90EXu3cbU+uOw2eJl0P6aq7VmnPJk6sDTtoepp9TMMYNmjdvjz1WNF58RYs:byiuU+uzm27iJ9sDarajpjzINf84vK
Static task
static1
Behavioral task
behavioral1
Sample
2322597b0e7c1ecfe76aec241bfce33b11b123bb3d4cdde5d465fe87ed317ff4.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Targets
-
-
Target
2322597b0e7c1ecfe76aec241bfce33b11b123bb3d4cdde5d465fe87ed317ff4
-
Size
777KB
-
MD5
4b648b68b83a424df9a2c5e5a73d95ae
-
SHA1
5a2f35120b807f72c890e71f771d11a5eea92b4d
-
SHA256
2322597b0e7c1ecfe76aec241bfce33b11b123bb3d4cdde5d465fe87ed317ff4
-
SHA512
deaa8b72e23d5f0da07fb834c1479ea277a299300e8abee3bec5fae7733d72c11c75c24c103414a20cd26b9d269b53b3d10ec6ffa8e2152cacb4a5c418cf66cf
-
SSDEEP
12288:AMrLy90EXu3cbU+uOw2eJl0P6aq7VmnPJk6sDTtoepp9TMMYNmjdvjz1WNF58RYs:byiuU+uzm27iJ9sDarajpjzINf84vK
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1