General
Target: 4e5b1b41309d8a278b0066b89daa8482b1f0d3219f44de0792fa5148264512c3
Size: 647KB
Sample: 241109-fq2mcsybmq
MD5: e11d4ce2cbe6ca5bc669cd269c5ef823
SHA1: b6e1abdd23bf66aaa85151e05737619ff13ec1f7
SHA256: 4e5b1b41309d8a278b0066b89daa8482b1f0d3219f44de0792fa5148264512c3
SHA512: 52c789d7bbd1aa7ea0215a5d95959f0314b29b101b867c5d7bd4265b6ffd9d17c0530b68c732c0ebb1612cdde275356c75733c432ca6e56d930605c1311e9ce6
SSDEEP: 12288:YMrey90wTwP6BzB5lqPAu8WcVEKElzS2LYiGOAwqnRh:WyZsSFtUh8KKElm+DA1n
Static task: static1
Behavioral task: behavioral1
Sample: 4e5b1b41309d8a278b0066b89daa8482b1f0d3219f44de0792fa5148264512c3.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: 4e5b1b41309d8a278b0066b89daa8482b1f0d3219f44de0792fa5148264512c3
Size: 647KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)