General
- Target: ecaf4a6a4c96979f901af83fd37694127a9abcd97eea37c413568c4209cb68b3
- Size: 481KB
- Sample: 241109-f5hg2aydrm
- MD5: 8d01257c68a6f81f683d7ce0b17d0b2e
- SHA1: d36ca60691a64bf3bcee7c2ec391850ebc90dc28
- SHA256: ecaf4a6a4c96979f901af83fd37694127a9abcd97eea37c413568c4209cb68b3
- SHA512: dade3861be7465aeef4b3d6159d1677d3f4827a7a672e5af7f6c1f7e276a146dcfd9704c49f9596cfb48109dc9b20d204d0382e7d5ba61167c8af5f58a88d4c6
- SSDEEP: 6144:KZy+bnr+Fp0yN90QEH7XakWsjZNcBcueMmQIPz2UIkjyt28GE65csRtSrhlVaQFD:DMrpy901qpj2qUDOHG8sShvn61+d
Static task: static1
Behavioral task: behavioral1
- Sample: ecaf4a6a4c96979f901af83fd37694127a9abcd97eea37c413568c4209cb68b3.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
- Botnet: misar
- C2: 217.196.96.101:4132
- auth_value: 069dd9eeee8cff502b661416888f692a
Targets
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)