General

Target: 2ba0576ca6b2e86a20a17e9a8ded27450995c744759e4270cc2be8d49949fcf0
Size: 551KB
Sample: 241109-f2rarsxpgw
MD5: 88d3e9b6e625cdacba31d52d21d704b4
SHA1: 8328ca10bb3660e64cd97f00b37f0a98b5fd4288
SHA256: 2ba0576ca6b2e86a20a17e9a8ded27450995c744759e4270cc2be8d49949fcf0
SHA512: 5076b4027c9d4e5747dc9bd1351a3019728ee04c03fe1dbedbdbb34ea3a28de1d68c2f5b787dd1b6af2a3ea51cbae5ba981710a58a253bade3b4d8d0712ac03c
SSDEEP: 12288:5Mrcy900/piANdQcIvW0CDIsmE7zXeEmJQVbrMxL:RythiBcW1hsR7zXxmJQJrcL
Static task: static1
Behavioral task: behavioral1
Sample: 2ba0576ca6b2e86a20a17e9a8ded27450995c744759e4270cc2be8d49949fcf0.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

The C2 endpoint and auth_value were extracted from the configuration embedded in this sample. RedLine operators rotate C2 hosts frequently, so treat the address as an indicator tied to this sample and its submission date (the sample ID prefix 241109 indicates 9 November 2024) rather than as durable infrastructure.
Targets

Target: 2ba0576ca6b2e86a20a17e9a8ded27450995c744759e4270cc2be8d49949fcf0
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a credential-stealing malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
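The digests and the extracted C2 endpoint above are what a responder actually sweeps an estate for. The following is an added example, not part of this report or of any sandbox's own tooling, showing one way to operationalize them: it hashes file contents and compares them with the sample's digests, and scans connection-log records for the extracted C2 host and port. The log records and their six-column layout are constructed for the example; auth_value is not used because it is only observable inside the C2 session itself, not in flow records.

```python
"""Turn the report's indicators into a local sweep.

Added example, not part of the original sandbox report. It hashes file
contents and compares them with the sample's digests, and scans
connection-log lines for the extracted RedLine C2. The log lines below are
constructed for illustration and assume a whitespace-separated
"ts src_ip src_port dst_ip dst_port proto" layout.
"""
import hashlib

# Indicators copied verbatim from the report above.
SAMPLE_MD5 = "88d3e9b6e625cdacba31d52d21d704b4"
SAMPLE_SHA1 = "8328ca10bb3660e64cd97f00b37f0a98b5fd4288"
SAMPLE_SHA256 = "2ba0576ca6b2e86a20a17e9a8ded27450995c744759e4270cc2be8d49949fcf0"
C2_HOST = "193.233.20.31"
C2_PORT = 4125

# Constructed connection records (not real telemetry). Timestamps are Unix
# epoch values in the sample's November 2024 timeframe; 203.0.113.10 is a
# documentation address standing in for ordinary outbound traffic.
SAMPLE_CONN_LOG = """\
# ts src_ip src_port dst_ip dst_port proto
1731150000.101 10.0.0.25 49712 193.233.20.31 4125 tcp
1731150002.340 10.0.0.25 49713 203.0.113.10 443 tcp
1731150009.877 10.0.0.31 51002 193.233.20.31 4125 tcp
1731150011.002 10.0.0.31 51003 193.233.20.31 80 tcp
"""


def file_digests(data: bytes) -> dict:
    """Return hex MD5, SHA1 and SHA256 of the given bytes. For large files,
    feed chunks to the hash objects instead of reading everything at once."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only when all three digests match the report's sample. SHA256
    alone would suffice; checking all three guards against a truncated or
    mistyped indicator copied out of the report."""
    d = file_digests(data)
    return (d["md5"] == SAMPLE_MD5
            and d["sha1"] == SAMPLE_SHA1
            and d["sha256"] == SAMPLE_SHA256)


def c2_hits(log_text: str) -> list:
    """Return (timestamp, src_ip) for every record whose destination is the
    extracted C2 host AND port, so a hit means the C2 channel itself.
    Drop the port test if you want any contact with the address."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # blank line or comment/header line
        parts = line.split()
        if len(parts) < 6:
            continue  # malformed record: skip rather than abort the sweep
        ts, src_ip, _src_port, dst_ip, dst_port, _proto = parts[:6]
        if dst_ip == C2_HOST and dst_port == str(C2_PORT):
            hits.append((ts, src_ip))
    return hits


if __name__ == "__main__":
    import sys
    # Usage: python sweep.py [file ...]; the log scan runs on the built-in sample.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            verdict = "MATCHES SAMPLE" if matches_sample(fh.read()) else "no match"
            print(path, verdict)
    for ts, src in c2_hits(SAMPLE_CONN_LOG):
        print(f"{ts}: {src} -> {C2_HOST}:{C2_PORT} (RedLine C2 from this report)")
```

On the constructed log the sweep reports the two hosts that reached 193.233.20.31 on port 4125 and ignores the connection to the same address on port 80. For a real estate, replace SAMPLE_CONN_LOG with your own flow export in the same column order, and remember that the hashes catch only this exact build: a repacked RedLine drops every digest match, which is why the C2 and the persistence behaviour listed above are worth hunting on as well.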
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547) [1]
  - Registry Run Keys / Startup Folder (T1547.001) [1]
- Create or Modify System Process (T1543) [1]
  - Windows Service (T1543.003) [1]