General
Target: 3792f24bb214aace5fa9b8ddd4d67b2e327e3f0f92296f11eb76e5d5732c1870
Size: 479KB
Sample: 241109-gy6fysskcn
MD5: cd7f03dca0915b8580f927443a7e9f0c
SHA1: 1d8fe1ea3c406ef81a782428c397fcae8f4dda03
SHA256: 3792f24bb214aace5fa9b8ddd4d67b2e327e3f0f92296f11eb76e5d5732c1870
SHA512: ee44bd4aa198b3c5db1c9e70832cf3e4ea2a96b0889c21c8cc2b78b12802d60c6dd12386bf50a66c319410c7840967926c061bede58fc53b54dc13ab0a188f40
SSDEEP: 6144:Kuy+bnr+/p0yN90QEkXEYwGZxRwv797gztQKyADdStBTNqpCtHh8o3jr5xbNn6e0:+Mr7y90lY9G7rKyAItpApCBGU5TX0
Static task: static1
Behavioral task: behavioral1
Sample: 3792f24bb214aace5fa9b8ddd4d67b2e327e3f0f92296f11eb76e5d5732c1870.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
maher
217.196.96.101:4132
auth_value: c57763165f68aabcf4874e661a1ffbac
Targets
Target: 3792f24bb214aace5fa9b8ddd4d67b2e327e3f0f92296f11eb76e5d5732c1870
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)