General

Target: e82356fe23577b757a171b474974f18108be26194a264ebcc0cf91007f5c0185
Size: 577KB
Sample: 241109-yqt7dstndr
MD5: e5f3e6dcdecd3d3afef91c6423e82deb
SHA1: f4faabeb128a5a2f616af6f1439c96bd238e4605
SHA256: e82356fe23577b757a171b474974f18108be26194a264ebcc0cf91007f5c0185
SHA512: d338e929ca428b42cf97f33b618dc750e675b66a6987f589f7579ea55ad83b9624400bbb42f1686d1cd2721d1e8823502d4cc5e5432be21871531a53c2d0cb52
SSDEEP: 12288:PMrQy90qahimz7AuxqVLxFYn54YgCiA6QBoNrSfQ:3yzsVAuxYLIXgK6QBopSfQ
Static task: static1
Behavioral task: behavioral1
Sample: e82356fe23577b757a171b474974f18108be26194a264ebcc0cf91007f5c0185.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets

Target: e82356fe23577b757a171b474974f18108be26194a264ebcc0cf91007f5c0185
- Detects Healer, an antivirus-disabler dropper (Healer family)
- RedLine (RedLine family): RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543): Windows Service (T1543.003), 1 hit
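The extracted configuration (C2 socket) and the behavioural signatures above ("Executes dropped EXE", "Adds Run key to start application") are the parts of this report a responder would turn into a hunt. The following is an added example, not part of the sandbox report or of Triage's own signature logic: it runs a small stateful detection pass over Sysmon-style events flattened to Key=Value pairs, tracking the process lineage descending from the sample so that the dropped EXE, the Run-key write and the C2 connection are attributed to it. Only the C2 socket and the SHA256 are taken from the report; the event lines, process GUIDs, the stage2.exe drop path, the drop-directory pattern and the flat log format are constructed assumptions for the example.

```python
"""Added example, not part of the sandbox report: a lineage-aware detection
pass over constructed Sysmon-style events, built from the report's IOCs."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators taken directly from the report above.
C2_HOST = "193.233.20.28"
C2_PORT = 4125
SAMPLE_SHA256 = "e82356fe23577b757a171b474974f18108be26194a264ebcc0cf91007f5c0185"

# Autostart locations behind "Adds Run key to start application" (T1547.001).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)
# Assumption for the "Executes dropped EXE" rule: the second stage lives in a
# user-writable drop directory. The report does not state the real drop path.
DROP_DIR_RE = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|ProgramData)\\", re.IGNORECASE
)


@dataclass
class Hit:
    rule: str
    event: dict
    in_lineage: bool  # True when the acting process descends from the sample


def fmt(**fields) -> str:
    """Render an event as 'Key=Value|Key=Value' (constructed flat log format)."""
    return "|".join(f"{k}={v}" for k, v in fields.items())


def parse_event(line: str) -> dict:
    """Parse one flat event line; Hashes=SHA256=... keeps its inner '='."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def scan(lines) -> list[Hit]:
    """Apply the rules in order, carrying the sample's process lineage along."""
    hits: list[Hit] = []
    tainted: set[str] = set()  # ProcessGuids of the sample and its descendants
    for line in lines:
        ev = parse_event(line)
        eid, guid = ev.get("EventID"), ev.get("ProcessGuid", "")
        if eid == "1":  # process create
            if SAMPLE_SHA256 in ev.get("Hashes", "").lower():
                tainted.add(guid)
                hits.append(Hit("known_sample_executed", ev, True))
            elif ev.get("ParentProcessGuid") in tainted and DROP_DIR_RE.search(ev.get("Image", "")):
                tainted.add(guid)
                hits.append(Hit("dropped_exe_executed", ev, True))
        elif eid == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):  # registry value set
            hits.append(Hit("run_key_persistence", ev, guid in tainted))
        elif eid == "3" and ev.get("DestinationIp") == C2_HOST and ev.get("DestinationPort") == str(C2_PORT):
            hits.append(Hit("redline_c2_connection", ev, guid in tainted))
    return hits


def rule_names(hits: list[Hit]) -> list[str]:
    return [h.rule for h in hits]


# Constructed events; paths, GUIDs and stage2.exe are invented for the example.
SAMPLE_PATH = r"C:\Users\user\Downloads\e82356fe23577b757a171b474974f18108be26194a264ebcc0cf91007f5c0185.exe"
STAGE2_PATH = r"C:\Users\user\AppData\Local\Temp\stage2.exe"
SAMPLE_EVENTS = [
    # sample launched from Explorer; hash matches the report
    fmt(EventID=1, ProcessGuid="{A1}", ParentProcessGuid="{00}", Image=SAMPLE_PATH,
        ParentImage=r"C:\Windows\explorer.exe", Hashes="SHA256=" + SAMPLE_SHA256.upper()),
    # sample starts a second EXE from %TEMP% ("Executes dropped EXE")
    fmt(EventID=1, ProcessGuid="{B2}", ParentProcessGuid="{A1}", Image=STAGE2_PATH, ParentImage=SAMPLE_PATH),
    # child registers itself under the user's Run key ("Adds Run key to start application")
    fmt(EventID=13, ProcessGuid="{B2}", Details=STAGE2_PATH,
        TargetObject=r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\stage2"),
    # ordinary DNS traffic; must not fire the C2 rule
    fmt(EventID=3, ProcessGuid="{B2}", DestinationIp="8.8.8.8", DestinationPort=53),
    # connection to the C2 socket from the extracted config
    fmt(EventID=3, ProcessGuid="{B2}", DestinationIp=C2_HOST, DestinationPort=C2_PORT),
    # unrelated process outside the lineage and outside any drop directory
    fmt(EventID=1, ProcessGuid="{C3}", ParentProcessGuid="{00}", Image=r"C:\Windows\System32\notepad.exe",
        ParentImage=r"C:\Windows\explorer.exe", Hashes="SHA256=" + "0" * 64),
]

if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS):
        print(f"{h.rule:24} lineage={h.in_lineage} guid={h.event.get('ProcessGuid')}")
```

The Run-key and C2 rules fire regardless of lineage, because a persistence write or a connection to a known C2 is worth a ticket on its own; `in_lineage` is what lets the responder tie those two events back to the dropper chain instead of triaging them in isolation. Swap the constructed `RUN_KEY_RE`/`DROP_DIR_RE` patterns and the flat-log parser for your own telemetry before using this against real data.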