General
-
Target
32496a77800773c81995fa747f88792be538ea2d13481d839bfb5ca232dc9609
-
Size
1.5MB
-
Sample
241109-gnqbzsykbs
-
MD5
8679781ebd0d506bd0980a70287a6b09
-
SHA1
170c1de975bda7c68efcbbdbba9fb2e30ac56943
-
SHA256
32496a77800773c81995fa747f88792be538ea2d13481d839bfb5ca232dc9609
-
SHA512
339057322e44b66e8cc2f3b5840c7fb93cdbc3af29ab1d459bdaf7c3d4f4fba2b8c13bef22232fbb223dc8213305fcf4bfb0c67b6678df86f17ef9214c008060
-
SSDEEP
24576:1yfKQo7VsHZowwHitDV3t/pFEv4+LIgKHqQEfLNJECxpsHTJYEF/7xog:QfdHZo7ClzMv4+D3RECxpsz5F/7xo
Static task
static1
Behavioral task
behavioral1
Sample
32496a77800773c81995fa747f88792be538ea2d13481d839bfb5ca232dc9609.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mask
217.196.96.56:4138
-
auth_value
31aef25be0febb8e491794ef7f502c50
Targets
-
-
Target
32496a77800773c81995fa747f88792be538ea2d13481d839bfb5ca232dc9609
-
Size
1.5MB
-
MD5
8679781ebd0d506bd0980a70287a6b09
-
SHA1
170c1de975bda7c68efcbbdbba9fb2e30ac56943
-
SHA256
32496a77800773c81995fa747f88792be538ea2d13481d839bfb5ca232dc9609
-
SHA512
339057322e44b66e8cc2f3b5840c7fb93cdbc3af29ab1d459bdaf7c3d4f4fba2b8c13bef22232fbb223dc8213305fcf4bfb0c67b6678df86f17ef9214c008060
-
SSDEEP
24576:1yfKQo7VsHZowwHitDV3t/pFEv4+LIgKHqQEfLNJECxpsHTJYEF/7xog:QfdHZo7ClzMv4+D3RECxpsz5F/7xo
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1