General
Target: f32e7e2311fee8f79dc620afa9adcd9d1f39be4ad4af9a1eab31c3b7c47f28dd
Size: 689KB
Sample: 241109-y8tzca1jfv
MD5: 58044597d627fb4fd67e673c092dddb6
SHA1: e0a2b76fe22c57849f550e871700bc04b6eada03
SHA256: f32e7e2311fee8f79dc620afa9adcd9d1f39be4ad4af9a1eab31c3b7c47f28dd
SHA512: 5ab131591ff0b1fb1f7eec1c0cbfb46c8f295227c009d87c61430d0e31041198f5351d0725d57d5b84253245d7b145d45672f771605441eabd4a4d27da5e838d
SSDEEP: 12288:cMryy90249QmQwgrei2fH5fbfnIcgRUDICu3AXCAUnKBMDzCn8LW3ESy:GyncQJebH5fDvP8CQAXCNn9PCn863EB
Static task: static1
Behavioral task: behavioral1
Sample: f32e7e2311fee8f79dc620afa9adcd9d1f39be4ad4af9a1eab31c3b7c47f28dd.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
Target: f32e7e2311fee8f79dc620afa9adcd9d1f39be4ad4af9a1eab31c3b7c47f28dd
Size: 689KB
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
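The C2 endpoint and hashes in the extracted config, together with the "Adds Run key to start application" signature, map directly onto network and host telemetry. The Python below is an added example, not part of this report or the sandbox's own tooling: it copies the indicators from the report into three rules (C2 connection, known sample hash, Run-key write) and runs them over a few constructed log lines. The flat key=value log format, the field names and the log contents are assumptions made for the example; real Sysmon or EDR exports need their own parser.

```python
"""Match the report's indicators against host and network telemetry.

Added example, not code from the report or from the sandbox service.
Indicator values are copied from the report above; the log lines and the
key=value log format are constructed for this example.
"""
import re

# Indicators copied from the report.
SAMPLE_SHA256 = "f32e7e2311fee8f79dc620afa9adcd9d1f39be4ad4af9a1eab31c3b7c47f28dd"
SAMPLE_MD5 = "58044597d627fb4fd67e673c092dddb6"
C2_HOST = "193.233.20.32"
C2_PORT = "4125"

# Behavioural rule for "Adds Run key to start application": a value written
# under ...\CurrentVersion\Run or RunOnce. The trailing backslash keeps
# RunMRU (Explorer's Run-dialog history) and similar keys from matching.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\", re.IGNORECASE)

# Constructed sample telemetry (assumption: a flat key=value export with no
# spaces inside values; real Sysmon/EDR logs need their own parser).
SAMPLE_LOGS = r"""
event=NetworkConnect image=C:\Users\victim\AppData\Local\Temp\x.exe dst=193.233.20.32 dport=4125 proto=tcp
event=NetworkConnect image=C:\Firefox\firefox.exe dst=142.250.74.78 dport=443 proto=tcp
event=ProcessCreate image=C:\Users\victim\AppData\Local\Temp\x.exe sha256=F32E7E2311FEE8F79DC620AFA9ADCD9D1F39BE4AD4AF9A1EAB31C3B7C47F28DD
event=RegistryValueSet image=C:\Users\victim\AppData\Local\Temp\x.exe key=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater value=C:\Users\victim\AppData\Roaming\upd.exe
event=RegistryValueSet image=C:\Windows\explorer.exe key=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a value=calc
""".strip()

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def match_fields(fields):
    """Return the names of every indicator rule the event matches."""
    hits = []
    event = fields.get("event")
    # Atomic network IOC from the extracted config: host and port together,
    # so ordinary traffic to the same host on another port does not fire.
    if (event == "NetworkConnect"
            and fields.get("dst") == C2_HOST
            and fields.get("dport") == C2_PORT):
        hits.append("redline_c2")
    # File hash IOC; hashes are compared case-insensitively.
    if (fields.get("sha256", "").lower() == SAMPLE_SHA256
            or fields.get("md5", "").lower() == SAMPLE_MD5):
        hits.append("known_sample_hash")
    # Behavioural persistence rule, independent of this particular build.
    if event == "RegistryValueSet" and RUN_KEY_RE.search(fields.get("key", "")):
        hits.append("run_key_persistence")
    return hits


def scan(log_text):
    """Return (image, hits) for every log line that matched at least one rule."""
    results = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        hits = match_fields(fields)
        if hits:
            results.append((fields.get("image"), hits))
    return results


if __name__ == "__main__":
    for image, hits in scan(SAMPLE_LOGS):
        print(f"{image}: {', '.join(hits)}")
```

The three rules age differently. The C2 rule is an atomic indicator that stops matching as soon as the operator moves infrastructure, and the hash rule matches only this exact build; the Run-key rule outlives both but is behavioural, so in production it needs an allowlist of images (installers, updaters) or a correlation with the other two. The auth_value from the config is best used for pivoting to other samples from the same campaign rather than as a telemetry match.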
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1