General
- Target: 455f2a035fe625508f42a80dbfe70e176f934ee3aee4d3217e92c3611c632fb3
- Size: 687KB
- Sample: 241109-gtkcxsyhra
- MD5: e6c787b3b118bc67f94a7ce4d0f8741a
- SHA1: 45dfb9ca9ae71a771968ca8d6071822f0e96eef8
- SHA256: 455f2a035fe625508f42a80dbfe70e176f934ee3aee4d3217e92c3611c632fb3
- SHA512: 36a71af602e8204d010cdd7cafc4891dc982ba7d4f68af8b7e8957fa44754e38991a8034c7fbfa9136b3a7c71f6e37816a7b1f00a1cc5a80f98714bfc9482d4b
- SSDEEP: 12288:RMrKy90BLO4jVk2+u9GmC75pLtPpCe8FOZTx9qO/qT7iVBPs6t3reK7VYCzZl95:jyeS4nwmC75JftjJqvikwn7VYCh5
Static task: static1
Behavioral task: behavioral1
- Sample: 455f2a035fe625508f42a80dbfe70e176f934ee3aee4d3217e92c3611c632fb3.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: boris
- C2: 193.233.20.32:4125
- auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
- Target: 455f2a035fe625508f42a80dbfe70e176f934ee3aee4d3217e92c3611c632fb3
- Size: 687KB
- MD5: e6c787b3b118bc67f94a7ce4d0f8741a
- SHA1: 45dfb9ca9ae71a771968ca8d6071822f0e96eef8
- SHA256: 455f2a035fe625508f42a80dbfe70e176f934ee3aee4d3217e92c3611c632fb3
- SHA512: 36a71af602e8204d010cdd7cafc4891dc982ba7d4f68af8b7e8957fa44754e38991a8034c7fbfa9136b3a7c71f6e37816a7b1f00a1cc5a80f98714bfc9482d4b
- SSDEEP: 12288:RMrKy90BLO4jVk2+u9GmC75pLtPpCe8FOZTx9qO/qT7iVBPs6t3reK7VYCzZl95:jyeS4nwmC75JftjJqvikwn7VYCh5

Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)