General
Target: 7aa2bd6c4e0ccf4a5899eb24496f3e5c305985e1cb37eb634f1e3fcd46b61e5a
Size: 540KB
Sample: 241109-y6lvys1gpc
MD5: 8b834f31eec31ca79ff9244a03e277b2
SHA1: 48e7a53a0d44fbbb04a83743821ea4af4183d648
SHA256: 7aa2bd6c4e0ccf4a5899eb24496f3e5c305985e1cb37eb634f1e3fcd46b61e5a
SHA512: b621506c029dd5dbd430ad74ec9036b0fa074624be3e90cdb3f576b5137deb35dc631766675188ad7dff01b3087b300af08ccbb053139cf57fb5579ce5ed907b
SSDEEP: 12288:SMrAy90RVHMM08Ti3joqtwuJyCjXSl5x2LJnPkj:ey4FM4i30cNo2XSYC
Static task: static1
Behavioral task: behavioral1
Sample: 7aa2bd6c4e0ccf4a5899eb24496f3e5c305985e1cb37eb634f1e3fcd46b61e5a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
boris
193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
Target: 7aa2bd6c4e0ccf4a5899eb24496f3e5c305985e1cb37eb634f1e3fcd46b61e5a (540KB; same hashes as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)