General
-
Target
dfbe1ea06c075ced435c097b65d7c3efcfdc6208c1a8f5cae1da035f81387a75
-
Size
385KB
-
Sample
241109-ep3btsxdka
-
MD5
566a322e094ea33da651578d7d8c9fa6
-
SHA1
43a96cded186b6428e39e29e83b93646ff4e8b31
-
SHA256
dfbe1ea06c075ced435c097b65d7c3efcfdc6208c1a8f5cae1da035f81387a75
-
SHA512
426a2ce66fb4bf751aada1fccee937bc5c467ae3d3323231b728f6a90e411553a0c07e5072c889bf3af4e4d01e00ad606cab9d443c182f842db4ad2b4c96e5c4
-
SSDEEP
6144:KUy+bnr+Sp0yN90QEUnJV63upgdOUlnRXE06NgnUW/wAXCEreDJ5pK+nB35s6v:YMrey908CNd/nR00jnUewASx5pV5s6v
Static task
static1
Behavioral task
behavioral1
Sample
dfbe1ea06c075ced435c097b65d7c3efcfdc6208c1a8f5cae1da035f81387a75.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Targets
-
-
Target
dfbe1ea06c075ced435c097b65d7c3efcfdc6208c1a8f5cae1da035f81387a75
-
Size
385KB
-
MD5
566a322e094ea33da651578d7d8c9fa6
-
SHA1
43a96cded186b6428e39e29e83b93646ff4e8b31
-
SHA256
dfbe1ea06c075ced435c097b65d7c3efcfdc6208c1a8f5cae1da035f81387a75
-
SHA512
426a2ce66fb4bf751aada1fccee937bc5c467ae3d3323231b728f6a90e411553a0c07e5072c889bf3af4e4d01e00ad606cab9d443c182f842db4ad2b4c96e5c4
-
SSDEEP
6144:KUy+bnr+Sp0yN90QEUnJV63upgdOUlnRXE06NgnUW/wAXCEreDJ5pK+nB35s6v:YMrey908CNd/nR00jnUewASx5pV5s6v
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1