General
Target: 40f3e572696cfd521671ff689b7a4ff533147e394ea3e8e7f28f1917c4c5e3c7
Size: 810KB
Sample: 241109-flp3rsyapj
MD5: 102df802e0f6c98a1d529742905bb822
SHA1: f126df4f0f77e4840816c617ace762910183dfa8
SHA256: 40f3e572696cfd521671ff689b7a4ff533147e394ea3e8e7f28f1917c4c5e3c7
SHA512: f535df6cd74b3738dbeabd3d902c24148fc5270723bdd87d56f87cb0f6ca1f73844f5904df581873996ae7688150d94e83980326ab5bfa608a30de13478c1092
SSDEEP: 12288:nMrIy90pgi5xFRge+5/TWxr4cndS8SOVSb2w17xSMWdi39aG3dcfzUINS:DyNi5xFuGdSBOM57opQNcfho
Static task: static1
Behavioral task: behavioral1
Sample: 40f3e572696cfd521671ff689b7a4ff533147e394ea3e8e7f28f1917c4c5e3c7.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: 40f3e572696cfd521671ff689b7a4ff533147e394ea3e8e7f28f1917c4c5e3c7
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)