General

Target: 8e90278cb83476d700b04f81df3a95c2618aec6230f5e6b1045256a4036b88ee
Size: 536KB
Sample: 241109-eqhc2swphy
MD5: 6e28c6d5fb5421cbaa8701c7161555ef
SHA1: 01694a53c2feb081692656dd93ed27b34960c4c5
SHA256: 8e90278cb83476d700b04f81df3a95c2618aec6230f5e6b1045256a4036b88ee
SHA512: 888388f86a319b6e99f9235e39c029bd40b3041d478c9f5e52087a0104be9188d2be19b918f4795273d6fdc460a38488fd985fb87f9d885c0599e7d609ede669
SSDEEP: 12288:lMrvy90kmFhiVwxtMPY36UUrJtx/uzCqytn7ynbkN:uyXs0VwxqPYKUUrJv/uuqOQbkN
Static task: static1
Behavioral task: behavioral1
Sample: 8e90278cb83476d700b04f81df3a95c2618aec6230f5e6b1045256a4036b88ee.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets

Target: 8e90278cb83476d700b04f81df3a95c2618aec6230f5e6b1045256a4036b88ee
Size: 536KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above.
Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
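The indicators this report yields (the four file hashes, the RedLine C2 endpoint 193.233.20.28:4125, and the Run-key persistence signature) are the pieces a responder actually hunts with. The block below is an added example, not code from the report, from Tria.ge, or from the RedLine authors: it turns those indicators into a hash matcher, a matcher over Sysmon NetworkConnect events, a Suricata rule for the C2, and a heuristic for Run-key entries that point into user-writable staging paths. The hashes and C2 are transcribed from the report; the flattened key=value event layout, the Suricata sid, the Run-key samples and the staging-path list are assumptions made for the example, and every log line is constructed.

```python
"""IOC helpers built from the RedLine report above.

Added example, not code from the report, from Tria.ge, or from the RedLine
authors. Hashes and the C2 endpoint are transcribed from the report; every
log line and Run-key entry below is constructed for the demonstration.
"""
import hashlib
import re

# File hashes from the report's General section (transcribed, not constructed).
REPORT_HASHES = {
    "md5": "6e28c6d5fb5421cbaa8701c7161555ef",
    "sha1": "01694a53c2feb081692656dd93ed27b34960c4c5",
    "sha256": "8e90278cb83476d700b04f81df3a95c2618aec6230f5e6b1045256a4036b88ee",
    "sha512": "888388f86a319b6e99f9235e39c029bd40b3041d478c9f5e52087a0104be9188"
              "d2be19b918f4795273d6fdc460a38488fd985fb87f9d885c0599e7d609ede669",
}
# C2 endpoint from the extracted config.
C2_HOST, C2_PORT = "193.233.20.28", 4125


def hash_bytes(data: bytes) -> dict:
    """Hex digests for the four algorithms the report lists."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}


def matching_algorithms(data: bytes, iocs: dict = REPORT_HASHES) -> set:
    """Algorithms whose digest of `data` equals the IOC value.

    A genuine hit matches all four; a partial match usually means a typo in the
    IOC feed rather than a collision, so it is worth reporting separately.
    """
    digests = hash_bytes(data)
    return {a for a, v in iocs.items() if digests.get(a) == v.lower()}


# Constructed Sysmon Event ID 3 (NetworkConnect) events flattened to one
# key=value line each; the flattened layout is an assumption for this example.
SAMPLE_NETWORK_EVENTS = [
    r"EventID=3 Image=C:\Users\user\AppData\Local\Temp\dropped.exe DestinationIp=193.233.20.28 DestinationPort=4125",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationIp=142.250.74.46 DestinationPort=443",
    r"EventID=3 Image=C:\Windows\System32\svchost.exe DestinationIp=193.233.20.28 DestinationPort=80",
]
_KV = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")  # values may contain spaces (Program Files)


def parse_event(line: str) -> dict:
    """Split a flattened key=value event line into a dict."""
    return dict(_KV.findall(line))


def c2_connections(lines, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Connections to the C2 host; `exact_c2` marks the configured port.

    Any traffic to the host is surfaced because a C2 IP is rarely shared with
    legitimate services, but only the exact endpoint is reported as confirmed.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "3" or ev.get("DestinationIp") != host:
            continue
        dport = int(ev.get("DestinationPort", 0))
        hits.append({"image": ev.get("Image"), "port": dport, "exact_c2": dport == port})
    return hits


def suricata_rule(host: str = C2_HOST, port: int = C2_PORT, sid: int = 9000001) -> str:
    """Suricata rule for the C2 endpoint; the sid is an assumed local-range value."""
    return (f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"RedLine C2 {host}:{port} botnet mango"; flow:to_server; '
            f"classtype:trojan-activity; sid:{sid}; rev:1;)")


# Constructed HKCU\...\CurrentVersion\Run values as (name, command) pairs.
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("updater", r"C:\Users\user\AppData\Local\Temp\dropped.exe"),
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
]
# Staging directories a dropper typically writes to; an assumed heuristic, not a
# rule from the report, and AppData\Roaming also hosts plenty of legitimate software.
_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|AppData\\Roaming|ProgramData|Users\\Public)\\", re.I)


def suspicious_run_entries(entries) -> list:
    """Names of Run-key entries whose command points into a user-writable staging path."""
    return [name for name, cmd in entries if _WRITABLE.search(cmd)]


if __name__ == "__main__":
    print("C2 hits:", c2_connections(SAMPLE_NETWORK_EVENTS))
    print("Suspicious Run entries:", suspicious_run_entries(SAMPLE_RUN_ENTRIES))
    print(suricata_rule())
```

Matching host and port together keeps the Suricata rule tight, while the event matcher deliberately surfaces the port-80 connection to the same host as a lower-confidence hit; whether to block the whole IP or only the endpoint is a judgement call that depends on whether the address is shared hosting. The Run-key heuristic is only a triage filter: a real investigation still pulls the referenced binary and checks it against the hashes above.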
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1

The trailing number is the count of report signatures mapped to each technique.