General
-
Target
27ee8a147924606fe9e69a00919f9a334f87bd66a5a25eed3e30a7a9c0d4674b
-
Size
545KB
-
Sample
241109-x2mq1stjgm
-
MD5
fad538d0a8454d700fc7772403db054a
-
SHA1
462429986c93d0d9952332d90caea710851a94e6
-
SHA256
27ee8a147924606fe9e69a00919f9a334f87bd66a5a25eed3e30a7a9c0d4674b
-
SHA512
f9fa77673164a48110879cf17263da9d721c0230e9c58090e7461ddc971bf5d66651e8f16db9b85f8d1f818b386362d8aadfde928a633e2b742378a63d992340
-
SSDEEP
12288:rMrgy90Z8/gxm/DRCU1ujPgJmMFXaWtLFmd8CZ:zyn/gxmovj4TltLFm1
Static task
static1
Behavioral task
behavioral1
Sample
27ee8a147924606fe9e69a00919f9a334f87bd66a5a25eed3e30a7a9c0d4674b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
stek
melevv.eu:4162
-
auth_value
4205381daf6946b2df5fe3bc7eacc918
Targets
-
-
Target
27ee8a147924606fe9e69a00919f9a334f87bd66a5a25eed3e30a7a9c0d4674b
-
Size
545KB
-
MD5
fad538d0a8454d700fc7772403db054a
-
SHA1
462429986c93d0d9952332d90caea710851a94e6
-
SHA256
27ee8a147924606fe9e69a00919f9a334f87bd66a5a25eed3e30a7a9c0d4674b
-
SHA512
f9fa77673164a48110879cf17263da9d721c0230e9c58090e7461ddc971bf5d66651e8f16db9b85f8d1f818b386362d8aadfde928a633e2b742378a63d992340
-
SSDEEP
12288:rMrgy90Z8/gxm/DRCU1ujPgJmMFXaWtLFmd8CZ:zyn/gxmovj4TltLFm1
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1