General
Target: e2ce39300d4d87df4be6765254e5133ffba960fc5a1547cde9dc1377674fa0ce
Size: 864KB
Sample: 241109-y1qxqatqbm
MD5: 244f899bf0ba9ada43c125cc3621531e
SHA1: 0e847611fa86e78d86fa27f9ba6f0a950e3d6bd2
SHA256: e2ce39300d4d87df4be6765254e5133ffba960fc5a1547cde9dc1377674fa0ce
SHA512: 99f42e812f0a83da1343066f444f836eeb6adc47abd9a63eba8ce985169cb317c39235d4a3a529974ae07ad638d16ff63c84f0a042c4adeee60c38915ea3d5c0
SSDEEP: 12288:IMrHy90fsF9VBiQSlGUo198VpqAeF01O/DNqUSu/KSWv1Y6TT0rSO:vyXFp4GUeK2F6A/DNNSGKSWG6n0t
Static task: static1
Behavioral task: behavioral1
Sample: e2ce39300d4d87df4be6765254e5133ffba960fc5a1547cde9dc1377674fa0ce.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: e2ce39300d4d87df4be6765254e5133ffba960fc5a1547cde9dc1377674fa0ce
Size: 864KB
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)