General
Target: 2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1
Size: 1022KB
Sample: 241109-xvcbpszgkc
MD5: 7c5db2fe68654156418a70e1247a7085
SHA1: ef71d3e74ac83a65cc8202490949512f517f91ff
SHA256: 2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1
SHA512: 4e45c9fbb6e4e930febbce43673a7f890803e029ac28f317ee47f0f7766e22734c3b350ffca44c2f0d85c03c4e579e4ee92564bdc13d2d21188acff17857c214
SSDEEP: 24576:5yQ3aTSpaoQn3NP/SlZgijl2qklQSnUwAmNu8j/oA0/p:sCaTSpXmp/SlD2zlhUwAW/oA
Static task: static1
Behavioral task: behavioral1
Sample: 2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: ramon
C2: 193.233.20.23:4123
Attributes
auth_value: 3197576965d9513f115338c233015b40
Targets
Target: 2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1
Size: 1022KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
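Applying the report's indicators to host telemetry, as an added example that is not part of the sandbox report: the Python below hunts constructed Sysmon-style records (Event ID 1 process creation, ID 13 registry value set, ID 3 network connection, written here in a simplified key="value" form rather than real Sysmon XML) for the extracted RedLine C2 193.233.20.23:4123, the sample's SHA256, and autostart writes matching the two persistence techniques above (Run keys, T1547.001; service ImagePath, T1543.003) whose target binary sits in a user-writable directory. The log lines, the victim paths, the svc.exe/upd.exe file names and the UpdSvc service name are all constructed.

```python
"""Hunt for the report's RedLine indicators in host telemetry.

Added example, not part of the sandbox report. The telemetry is a constructed,
simplified key="value" rendering of Sysmon events (ID 1 process create,
ID 13 registry value set, ID 3 network connect), not real Sysmon XML.
"""
import re
from dataclasses import dataclass

# Indicators taken from the report above.
C2_HOST, C2_PORT = "193.233.20.23", 4123
SAMPLE_SHA256 = "2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1"

# Autostart locations: Run/RunOnce keys (ATT&CK T1547.001) and service
# ImagePath values (T1543.003), matched under HKLM or any user hive.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\", re.I)
SERVICE_IMAGE_RE = re.compile(
    r"\\System\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)

# An autostart entry pointing into a user-writable directory is the signal;
# entries pointing into Program Files or System32 are left alone here.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Users\\Public|Temp|ProgramData)\\", re.I)


@dataclass
class Finding:
    event_id: int
    image: str
    detail: str
    technique: str


def parse_event(line: str) -> dict:
    """Turn one constructed key="value" record into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def hunt(lines):
    """Return one Finding per record that matches an indicator or writes an
    autostart entry pointing into a user-writable path."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        eid = int(ev.get("EventID", "0"))
        image = ev.get("Image", "")
        if eid == 1:
            hashes = dict(h.split("=", 1) for h in ev.get("Hashes", "").split(",") if "=" in h)
            if hashes.get("SHA256", "").lower() == SAMPLE_SHA256:
                findings.append(Finding(eid, image, "SHA256 matches report sample", "hash match"))
        elif eid == 13:
            target, details = ev.get("TargetObject", ""), ev.get("Details", "")
            if USER_WRITABLE_RE.search(details):
                if RUN_KEY_RE.search(target):
                    findings.append(Finding(eid, image, f"{target} -> {details}", "T1547.001"))
                elif SERVICE_IMAGE_RE.search(target):
                    findings.append(Finding(eid, image, f"{target} -> {details}", "T1543.003"))
        elif eid == 3:
            if ev.get("DestinationIp") == C2_HOST and int(ev.get("DestinationPort", "0")) == C2_PORT:
                findings.append(Finding(eid, image, f"{C2_HOST}:{C2_PORT}", "RedLine C2"))
    return findings


# Constructed telemetry: two malicious autostart writes, one C2 connection,
# the known sample hash, plus two benign records that must not be flagged.
SAMPLE_LOG = [
    'EventID="1" Image="C:\\Users\\victim\\Downloads\\2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1.exe" '
    'Hashes="MD5=7c5db2fe68654156418a70e1247a7085,SHA256=2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1"',
    'EventID="13" Image="C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe" '
    'TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc" '
    'Details="C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe"',
    # Benign Run key pointing into Program Files: not flagged.
    'EventID="13" Image="C:\\Windows\\System32\\msiexec.exe" '
    'TargetObject="HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth" '
    'Details="C:\\Program Files\\Windows Defender\\MSASCuiL.exe"',
    'EventID="13" Image="C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe" '
    'TargetObject="HKLM\\System\\CurrentControlSet\\Services\\UpdSvc\\ImagePath" '
    'Details="C:\\ProgramData\\UpdSvc\\upd.exe"',
    'EventID="3" Image="C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe" '
    'DestinationIp="193.233.20.23" DestinationPort="4123"',
    # Ordinary outbound TLS: not flagged.
    'EventID="3" Image="C:\\Windows\\System32\\svchost.exe" '
    'DestinationIp="13.107.4.50" DestinationPort="443"',
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"[{f.technique}] EventID {f.event_id} {f.image}: {f.detail}")
```

Run against SAMPLE_LOG this yields four findings (hash match, T1547.001, T1543.003, RedLine C2) and ignores the Program Files Run entry and the svchost TLS connection. On a real host the same logic applies to Sysmon's exported records; the user-writable-path filter is what keeps Run-key noise from legitimate installers out of the results.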