General
Target: c670dee508f57e57f56a58dc518807ce0b6963355c03a7d0a86da8dde6f10886
Size: 556KB
Sample: 241109-x6ma2s1alf
MD5: 0ab4db145aa877157b1b5e963b055f8e
SHA1: e260b3c66c26e0e61e124a4a2f94b2f8f60b52ad
SHA256: c670dee508f57e57f56a58dc518807ce0b6963355c03a7d0a86da8dde6f10886
SHA512: aeddd2216971bf5a9b3c500a4da1aaf7af02354845c7d2e39312a39d88acec973151ecc1c7986c2c2362fb06f0e5b871a6a9413ac4b2b3f1c534836107691cf9
SSDEEP: 12288:ZMrLy905mXmFCyEv7RUd7WZd/qoQFq8PH3Pgw:WyHXmFBE72dElQxf/F
Static task: static1
Behavioral task: behavioral1
Sample: c670dee508f57e57f56a58dc518807ce0b6963355c03a7d0a86da8dde6f10886.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
Target: c670dee508f57e57f56a58dc518807ce0b6963355c03a7d0a86da8dde6f10886
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
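The report above gives a responder three things to act on: the sample's digests, the extracted RedLine C2 endpoint (193.233.20.32:4125), and the observed Run-key persistence (T1547.001). The script below is an added example, not part of the sandbox report or of any sandbox's own tooling. It copies those indicators into a small triage check that (a) confirms a file on hand is really the analysed sample by comparing MD5, SHA1 and SHA256 together rather than MD5 alone, and (b) runs a stream of simplified, constructed Sysmon-style events (process creation, registry value set, network connection) against the IOCs and the Run-key behaviour. The event schema, the SAMPLE_EVENTS telemetry, the "user-writable path" heuristic for Run-key values, and the finding tags are all assumptions made for the example; only the hashes and the C2 address come from the report.

```python
import hashlib
from dataclasses import dataclass, field

# Indicators copied from the sandbox report above.
SAMPLE_HASHES = {
    "md5": "0ab4db145aa877157b1b5e963b055f8e",
    "sha1": "e260b3c66c26e0e61e124a4a2f94b2f8f60b52ad",
    "sha256": "c670dee508f57e57f56a58dc518807ce0b6963355c03a7d0a86da8dde6f10886",
}
REDLINE_C2 = ("193.233.20.32", 4125)  # extracted RedLine config, botnet "boris"

# Registry Run/RunOnce autostart paths (ATT&CK T1547.001), lower-cased and with
# the trailing backslash so "\run\" does not also match "\runonce\".
RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)
# Assumed heuristic: an autostart entry pointing into a location a dropper can
# write without elevation is far more suspicious than one under Program Files.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass
class Finding:
    tag: str      # "sample-hash", "redline-c2" or the ATT&CK technique ID
    reason: str
    event: dict = field(repr=False)


def matches_report(data: bytes) -> bool:
    """True only if MD5, SHA1 and SHA256 of `data` all agree with the report.

    Checking three digests rules out a crafted MD5 collision being mistaken
    for the analysed sample."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return digests == SAMPLE_HASHES


def check_event(ev: dict) -> list:
    """Evaluate one normalised telemetry event (assumed schema) against the IOCs."""
    findings = []
    kind = ev.get("event")
    if kind == "process_create":
        seen = ev.get("hashes", {})
        if any(seen.get(alg) == want for alg, want in SAMPLE_HASHES.items()):
            findings.append(Finding("sample-hash", "known sample hash executed", ev))
    elif kind == "network_connect":
        if (ev.get("dst_ip"), ev.get("dst_port")) == REDLINE_C2:
            findings.append(Finding("redline-c2", "connection to extracted RedLine C2", ev))
    elif kind == "registry_set":
        key = ev.get("key", "").lower()
        value = ev.get("value", "").lower()
        if any(m in key for m in RUN_KEY_MARKERS) and any(p in value for p in USER_WRITABLE):
            findings.append(Finding("T1547.001", "Run key pointing at user-writable path", ev))
    return findings


def hunt(events) -> list:
    """Run check_event over an event stream and collect every finding, in order."""
    return [f for ev in events for f in check_event(ev)]


# Constructed, simplified Sysmon-like telemetry for the example; not from the report.
SAMPLE_EVENTS = [
    {"event": "process_create", "image": "C:\\Users\\alice\\Downloads\\setup.exe",
     "hashes": {"sha256": SAMPLE_HASHES["sha256"]}},
    {"event": "registry_set",
     "key": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "value": "C:\\Users\\alice\\AppData\\Roaming\\updater.exe"},
    {"event": "registry_set",  # benign autostart under Program Files: not flagged
     "key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "value": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe"},
    {"event": "network_connect", "dst_ip": "193.233.20.32", "dst_port": 4125},
    {"event": "network_connect", "dst_ip": "193.233.20.32", "dst_port": 443},  # port differs
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.tag}: {f.reason}")
```

Run against the constructed events this reports the hash match, the AppData Run key and the 193.233.20.32:4125 connection, and stays silent on the Program Files autostart and the same host on port 443. The C2 check is deliberately exact on ip:port because the report only supports that one endpoint; widen it to the /24 or the bare IP only once you have your own evidence for it.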