General

Target: 3622ea50ee56c7ecdf9485930252235507969bf65388f0ac5aded57def748421
Size: 546KB
Sample: 241110-a56lzaymbr
MD5: 223698775c6213e5e08b60bb8f4b521f
SHA1: c2a5685503ce6318150182e7823009f51e5a7888
SHA256: 3622ea50ee56c7ecdf9485930252235507969bf65388f0ac5aded57def748421
SHA512: d1cae6a22105ebd74c398c6371572403943eab8b23a94f3d41f5515df215c87ecac16026217f977080017a9d31dbe7f976da5087d0de0e98487abb0624317ffe
SSDEEP: 12288:TMrpy90KpmVHIju5CghUTHMQ9nyfmxLL+P8M9J2:OyWVHG6CgxZmNq8H
Static task: static1
Behavioral task: behavioral1
Sample: 3622ea50ee56c7ecdf9485930252235507969bf65388f0ac5aded57def748421.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: redline
Botnet ID (label inferred from the RedLine config layout; the report gives only the value): stek
C2: melevv.eu:4162
auth_value: 4205381daf6946b2df5fe3bc7eacc918
Targets

Target: 3622ea50ee56c7ecdf9485930252235507969bf65388f0ac5aded57def748421 (size and hashes as listed under General)
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
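The indicators above (file hashes, the RedLine C2 `melevv.eu:4162`, the Run-key persistence and the dropped-EXE execution) are the kind of thing a responder turns into a quick host/log check. The script below is an added example and is not part of the sandbox report or of any tool it references. It assumes Sysmon-style events flattened into `key=value` lines (field names `EventID`, `Image`, `TargetObject`, `Details`, `DestinationHostname`, `DestinationPort` follow Sysmon's naming; the flat layout, the sample lines and the drop-directory heuristic are constructed for the example).

```python
"""Triage helper built from the report's IOCs (added example, not from the report).

- digests()/is_known_sample(): hash bytes and compare against the report's MD5/SHA1/SHA256.
- scan_lines(): run three detections over flattened Sysmon-style key=value lines:
  Run-key persistence (T1547.001), connection to the extracted C2, and a process
  starting from a typical drop directory ("Executes dropped EXE").
"""
import hashlib
import re

# Indicators copied verbatim from the report above.
IOC_HASHES = {
    "md5": "223698775c6213e5e08b60bb8f4b521f",
    "sha1": "c2a5685503ce6318150182e7823009f51e5a7888",
    "sha256": "3622ea50ee56c7ecdf9485930252235507969bf65388f0ac5aded57def748421",
}
C2_HOST = "melevv.eu"
C2_PORT = "4162"

# ...\CurrentVersion\Run and RunOnce under HKCU, HKLM or HKU (any Wow6432Node prefix).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
# Heuristic (assumption for this example): freshly dropped payloads usually run from here.
DROP_DIR_RE = re.compile(r"\\AppData\\(?:Local\\Temp|Roaming)\\", re.IGNORECASE)
# key=value pairs; values may contain spaces, so stop only before the next " key=".
KV_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def digests(data: bytes) -> dict:
    """Hex digests of `data` for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding hash from the report."""
    d = digests(data)
    return any(d[alg] == ioc for alg, ioc in IOC_HASHES.items())


def parse_kv(line: str) -> dict:
    return dict(KV_RE.findall(line))


def classify(event: dict):
    """Return (indicator, detail) for a suspicious event, or None."""
    eid = event.get("EventID")
    image = event.get("Image", "")
    if eid == "13" and RUN_KEY_RE.search(event.get("TargetObject", "")):
        return ("T1547.001", "Run key set by %s -> %s" % (image, event.get("Details")))
    if eid == "3":
        host = event.get("DestinationHostname", "").lower()
        port = event.get("DestinationPort", "")
        if host == C2_HOST:
            return ("C2", "connection to %s:%s from %s" % (host, port, image))
        if port == C2_PORT:  # port alone is weak evidence; flag as possible
            return ("C2?", "connection to C2 port %s (host %s) from %s" % (port, host, image))
    if eid == "1" and DROP_DIR_RE.search(image):
        return ("dropped-exe", "process started from drop directory: %s" % image)
    return None


def scan_lines(lines):
    hits = []
    for line in lines:
        hit = classify(parse_kv(line))
        if hit:
            hits.append({"indicator": hit[0], "detail": hit[1], "line": line})
    return hits


# Constructed sample log lines (not from the report): one dropped-EXE start,
# one Run-key write, one C2 connection, then two benign events.
SYSMON_LINES = [
    r"EventID=1 Image=C:\Users\victim\AppData\Local\Temp\payload.exe CommandLine=payload.exe",
    r"EventID=13 Image=C:\Users\victim\AppData\Local\Temp\payload.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater Details=C:\Users\victim\AppData\Roaming\updater.exe",
    r"EventID=3 Image=C:\Users\victim\AppData\Roaming\updater.exe DestinationHostname=melevv.eu DestinationPort=4162",
    r"EventID=1 Image=C:\Windows\System32\notepad.exe CommandLine=notepad.exe",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationHostname=example.org DestinationPort=443",
]

if __name__ == "__main__":
    for hit in scan_lines(SYSMON_LINES):
        print(hit["indicator"], "-", hit["detail"])
    print("known sample:", is_known_sample(b"not the sample"))
```

The hash check is exact-match only; for near-variants of the same builder output, compare the SSDEEP value from the report with `ssdeep`/`ppdeep` instead, since a rebuilt or repacked RedLine binary will not share any of the cryptographic hashes.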