General
Target: b7dc01173f86b90cd8a3622bca15b28b5a7f117128867a6ddf7ccd06bc8cfb18
Size: 481KB
Sample: 241109-empmyszmek
MD5: 5211929951d02935d6ad4c9710e1cc07
SHA1: 9ed4a550307e39ac90adb853d159d8df48a5083e
SHA256: b7dc01173f86b90cd8a3622bca15b28b5a7f117128867a6ddf7ccd06bc8cfb18
SHA512: a34a8143b005444536b558441a6fa6c1a420524ef497449ff518655d6ca133b9fb5237dcb82e5547b99520eac8e35e4577ac8263e6762f92b0d9e618c1ef079c
SSDEEP: 12288:tMr7y90KH/gkXliORE0c4PVD1P2aLkLV:GyVpsWEf4PBkaLkLV
Static task: static1
Behavioral task: behavioral1
Sample: b7dc01173f86b90cd8a3622bca15b28b5a7f117128867a6ddf7ccd06bc8cfb18.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
misar
217.196.96.101:4132
auth_value: 069dd9eeee8cff502b661416888f692a
Targets
Target: b7dc01173f86b90cd8a3622bca15b28b5a7f117128867a6ddf7ccd06bc8cfb18
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)