General
Target: 20032ce90862bead01279fc1cf7fc4791165046b42d38f2d884b9b15c3af0d68
Size: 692KB
Sample: 241109-y69a9a1gqe
MD5: 5eb8cdc8408f2b111c05bacb90d1e2d2
SHA1: 479ddbbd7060abecb9d0cfacfa35f0b7fcdb618e
SHA256: 20032ce90862bead01279fc1cf7fc4791165046b42d38f2d884b9b15c3af0d68
SHA512: 33b9aef44b2b59c64c3b85d54e2afb641df2d809826a8a61f5bf2529957f86d41a4de1aff7c5905c654e5067d9f63c960bf4f34b4b82259c64eee45ea1ce72d3
SSDEEP: 12288:6Mrky909iVcJUw0rxx7bGTCjiPHoUluaxsHEG6GhBOc:qyofJD0d2f/bKEGbhBH
Static task: static1
Behavioral task: behavioral1
Sample: 20032ce90862bead01279fc1cf7fc4791165046b42d38f2d884b9b15c3af0d68.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
rouch
193.56.146.11:4162
auth_value: 1b1735bcfc122c708eae27ca352568de
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)