General
Target: ae2c805c1db9faf877ccdae3c7791dd18fb76da342e4f0d5f524bca6012f4e5a
Size: 551KB
Sample: 241109-x16shatjfm
MD5: fdefb84144708fbd68f79cccce98c7ba
SHA1: 0f56fdadafcdf22618c9eb15cb83f595134f31a6
SHA256: ae2c805c1db9faf877ccdae3c7791dd18fb76da342e4f0d5f524bca6012f4e5a
SHA512: e343b0903e18ea7171908efcecae25bf4ed60539161c06ff4f325e351ec95b844976d8bef600634a964d338dffad19edc880905a9d303aed4f335a1426740f3f
SSDEEP: 12288:zMruy90973LhVfhNN2W/25fX0luEd9wLqzdUPAb8zbn54Oo8U/X:xy23lVfMCk0damSg8h4Ooh/X
Static task: static1
Behavioral task: behavioral1
Sample: ae2c805c1db9faf877ccdae3c7791dd18fb76da342e4f0d5f524bca6012f4e5a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: stek
C2: melevv.eu:4162
auth_value: 4205381daf6946b2df5fe3bc7eacc918
Targets
Target: ae2c805c1db9faf877ccdae3c7791dd18fb76da342e4f0d5f524bca6012f4e5a
Size: 551KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)