General
Target: 01ac52df0826dc5ba44831e4d5aaee73662a8b4119630878b004604765a898fe
Size: 1.5MB
Sample: 241110-a41pbswbkq
MD5: c090c89124b65741d837d24aa946e726
SHA1: ea0b4a9618beedb45488c0ebce1f8b53ee086b59
SHA256: 01ac52df0826dc5ba44831e4d5aaee73662a8b4119630878b004604765a898fe
SHA512: 5b6f12c099bb0dac51528044b2c3fa9169d07d7a31ab73a6e4720ae71567677b18dc356f4114eee99e720da528b878ac1cc9d813313a9b833d802b04bc946f23
SSDEEP: 24576:mybILpofP1eMI0q7ll1qhiR7ngX9h/bSGLndWRy5mC7jJBhS6cQNbotcXFO7gFVW:1bQifP1BqhlqDdmsvfjhv7IcV2Fp
Static task: static1
Behavioral task: behavioral1
Sample: 01ac52df0826dc5ba44831e4d5aaee73662a8b4119630878b004604765a898fe.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: mazda
C2: 217.196.96.56:4138
auth_value: 3d2870537d84a4c6d7aeecd002871c51
Targets
Target: 01ac52df0826dc5ba44831e4d5aaee73662a8b4119630878b004604765a898fe
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)