General
Target: 87acadbd863d2720d8616090402aa91b16a70f3d41665cc8dfebd41c0d64ea80
Size: 550KB
Sample: 241109-em75aswpdy
MD5: 88ce503f9f3a14a32fbb5bb95f26b39e
SHA1: 8337ed79d73f998d68ca3e8db19f14e9de0efd20
SHA256: 87acadbd863d2720d8616090402aa91b16a70f3d41665cc8dfebd41c0d64ea80
SHA512: 445fdc7cc2219e8cc92771d27fc09a3d197e7786df45864a9f16f418566aa80b6b925f6f7ad65dee90d596b48630b2cd0fb7624c149a93a69f120914a51f0ee4
SSDEEP: 6144:K4y+bnr+KPp0yN90QEhocziL+cUdiv140c1vzaVMIoU2V3rR/w65ToMLmm9ZFeVt:sMrgy90wYi6YSIodlFwXKFeQcXdIjJw
Static task: static1
Behavioral task: behavioral1
Sample: 87acadbd863d2720d8616090402aa91b16a70f3d41665cc8dfebd41c0d64ea80.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted:
- redline
- mango
- 193.233.20.28:4125
- auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)