General
-
Target
b9602c8eea0468f5afd346a28e66d83cc9ee540f4a8fb9dd34ed147f4cce30a0
-
Size
1.1MB
-
Sample
241109-f33p7aydmg
-
MD5
352762141869b8a322af74d70d96b387
-
SHA1
04cf0de3608c1452611ff67f3de5257fd0b3cd14
-
SHA256
b9602c8eea0468f5afd346a28e66d83cc9ee540f4a8fb9dd34ed147f4cce30a0
-
SHA512
3710990328eaf7239bfce08733b5b1f95bbe60568d8b455cbbb800eeca17d9f6da3d558d359574815f64e27e6c9b9c2b5cebbc86bcc5dca9d2963640635c430e
-
SSDEEP
24576:MyJ82V0Qolx1kUrGWT0Nk9wMuE2jipJvxduHHHL9j9lU:7q2m9B0Eu/qduHL9H
Static task
static1
Behavioral task
behavioral1
Sample
b9602c8eea0468f5afd346a28e66d83cc9ee540f4a8fb9dd34ed147f4cce30a0.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
rouch
193.56.146.11:4162
-
auth_value
1b1735bcfc122c708eae27ca352568de
Targets
-
-
Target
b9602c8eea0468f5afd346a28e66d83cc9ee540f4a8fb9dd34ed147f4cce30a0
-
Size
1.1MB
-
MD5
352762141869b8a322af74d70d96b387
-
SHA1
04cf0de3608c1452611ff67f3de5257fd0b3cd14
-
SHA256
b9602c8eea0468f5afd346a28e66d83cc9ee540f4a8fb9dd34ed147f4cce30a0
-
SHA512
3710990328eaf7239bfce08733b5b1f95bbe60568d8b455cbbb800eeca17d9f6da3d558d359574815f64e27e6c9b9c2b5cebbc86bcc5dca9d2963640635c430e
-
SSDEEP
24576:MyJ82V0Qolx1kUrGWT0Nk9wMuE2jipJvxduHHHL9j9lU:7q2m9B0Eu/qduHL9H
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1