General

Target: b6a3ced8d4b449a0506fc6a4f03bbf5a0c29e9f69f5db8819c74571eefe9a14e
Size: 517KB
Sample: 241110-a5tx6symbl
MD5: cb2a97f1ee255c52b150b83e2d4fd971
SHA1: 86f80b88f739945e6282dfdaa191cdff7c671df7
SHA256: b6a3ced8d4b449a0506fc6a4f03bbf5a0c29e9f69f5db8819c74571eefe9a14e
SHA512: 86eaffafd6c7292edb662866b5e984368a40a6e096a1d501f33add1f6d4c03f5b282c7aa8c4adbcfcb8d3929694e600a2681a9a9e9429571afcf6196438d9e31
SSDEEP: 12288:lMrxy90TXaL0ula0BOiWErKA7XjeknZrm:oyuXRcHBGcKOXjRZa
Static task: static1
Behavioral task: behavioral1
Sample: b6a3ced8d4b449a0506fc6a4f03bbf5a0c29e9f69f5db8819c74571eefe9a14e.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: redline
Botnet: ronam
C2: 193.233.20.17:4139
auth_value: 125421d19d14dd7fd211bc7f6d4aea6c
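The extracted config gives one network indicator that is directly actionable, the C2 socket 193.233.20.17:4139. The Python below is an added example, not part of the sandbox report or of any RedLine tooling: it turns that socket into a Suricata rule and scans Zeek-style conn.log records for flows to the C2 host, separating exact ip:port matches from ip-only matches. The log records, the Zeek column subset and the Suricata sid are constructed assumptions. auth_value is carried only as a clustering key; the report does not show where it appears on the wire, so no content match is built from it.

```python
"""Network detection from the RedLine config extracted in the report above.
Added example; C2 and auth_value come from the report, everything else is constructed."""
import ipaddress
from dataclasses import dataclass

# Indicators from the report's Malware Config section.
REDLINE_C2_IP = "193.233.20.17"
REDLINE_C2_PORT = 4139
REDLINE_BOTNET = "ronam"
# Campaign/operator identifier; kept as a clustering key only (no wire position shown on the page).
REDLINE_AUTH_VALUE = "125421d19d14dd7fd211bc7f6d4aea6c"


def suricata_rule(ip: str = REDLINE_C2_IP, port: int = REDLINE_C2_PORT, sid: int = 9000001) -> str:
    """Alert on any outbound TCP flow to the C2 socket.
    sid 9000001 is a placeholder in the local range (assumption: pick one free in your ruleset)."""
    return (
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"RedLine Stealer C2 ({REDLINE_BOTNET}) outbound"; flow:to_server; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed Zeek conn.log-style records (tab separated, subset of columns):
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
# 203.0.113.10 is a documentation-range address standing in for benign traffic.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1731240000.1\tCa1\t10.0.0.5\t51342\t193.233.20.17\t4139\ttcp
1731240001.2\tCa2\t10.0.0.5\t51343\t203.0.113.10\t443\ttcp
1731240002.3\tCa3\t10.0.0.9\t60001\t193.233.20.17\t80\ttcp
1731240003.4\tCa4\t10.0.0.7\t49152\t193.233.20.17\t4139\ttcp
"""


@dataclass(frozen=True)
class Hit:
    uid: str
    src: str
    dst: str
    dport: int
    exact: bool  # True when ip and port both match; ip-only hits are lower confidence


def scan_conn_log(text: str, ip: str = REDLINE_C2_IP, port: int = REDLINE_C2_PORT) -> list[Hit]:
    """Return flows whose responder is the C2 host. exact=True when the port also
    matches; an ip-only hit may be another tenant or service on a shared host."""
    c2 = ipaddress.ip_address(ip)
    hits: list[Hit] = []
    for line in text.splitlines():
        if not line or line.startswith("#"):  # skip blanks and Zeek header lines
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        try:
            if ipaddress.ip_address(dst) != c2:
                continue
            dport_i = int(dport)
        except ValueError:  # malformed address or port field
            continue
        hits.append(Hit(uid, src, dst, dport_i, dport_i == port))
    return hits


if __name__ == "__main__":
    print(suricata_rule())
    for h in scan_conn_log(SAMPLE_CONN_LOG):
        label = "C2" if h.exact else "ip-only"
        print(f"{label}: {h.src} -> {h.dst}:{h.dport} ({h.uid})")
```

Treat ip-only hits as leads, not verdicts: RedLine infrastructure is frequently hosted on shared VPS addresses, so the full ip:port match is the signal that should page someone.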
Targets

Target: b6a3ced8d4b449a0506fc6a4f03bbf5a0c29e9f69f5db8819c74571eefe9a14e (517KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution > Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process > Windows Service (T1543.003): 1
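The two host signatures above, "Executes dropped EXE" and "Adds Run key to start application", together with the Registry Run Keys row of the ATT&CK table, can be reproduced from endpoint telemetry. The Python below is an added example, not part of the report: it correlates Sysmon-style events in a single pass, remembering .exe files written by a process, flagging a process start whose image is one of those files, and flagging Run/RunOnce key writes while marking whether the value points at a dropped executable. The events, paths, user SID, process GUIDs and the stage2.exe name are constructed; the benign OneDrive Run-key write is included to show why a Run-key hit on its own is a lower-confidence signal than one tied to a dropped file.

```python
"""Host-side checks for "Executes dropped EXE" and "Adds Run key to start application".
Added example, not from the report. Events use Sysmon field names
(EventID 11 FileCreate, 1 ProcessCreate, 13 RegistryEvent SetValue); contents are constructed."""
import json

# Autostart locations, matched case-insensitively inside the registry path.
RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)

# Constructed NDJSON events in the order Sysmon would emit them. Backslashes are
# doubled for JSON; the raw string avoids a second layer of Python escaping.
# {S} = sample process, {E} = explorer, {D} = dropped stage2.exe, {O} = OneDrive setup.
SAMPLE_EVENTS = r"""
{"EventID": 1, "ProcessGuid": "{S}", "ParentProcessGuid": "{E}", "Image": "C:\\Users\\victim\\Desktop\\b6a3ced8d4b449a0506fc6a4f03bbf5a0c29e9f69f5db8819c74571eefe9a14e.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 11, "ProcessGuid": "{S}", "Image": "C:\\Users\\victim\\Desktop\\b6a3ced8d4b449a0506fc6a4f03bbf5a0c29e9f69f5db8819c74571eefe9a14e.exe", "TargetFilename": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe"}
{"EventID": 11, "ProcessGuid": "{E}", "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\victim\\Desktop\\notes.txt"}
{"EventID": 1, "ProcessGuid": "{D}", "ParentProcessGuid": "{S}", "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe", "ParentImage": "C:\\Users\\victim\\Desktop\\b6a3ced8d4b449a0506fc6a4f03bbf5a0c29e9f69f5db8819c74571eefe9a14e.exe"}
{"EventID": 13, "EventType": "SetValue", "ProcessGuid": "{D}", "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\stage2", "Details": "\"C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe\""}
{"EventID": 13, "EventType": "SetValue", "ProcessGuid": "{O}", "Image": "C:\\Program Files\\Microsoft OneDrive\\OneDriveSetup.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive", "Details": "\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"}
"""


def analyze(events_ndjson: str) -> list[dict]:
    """One pass over the events; returns one finding per matched rule, in event order."""
    dropped: dict[str, str] = {}  # lowercased path of a written .exe -> writer's ProcessGuid
    findings: list[dict] = []
    for line in events_ndjson.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        eid = ev.get("EventID")
        if eid == 11:
            target = ev.get("TargetFilename", "")
            if target.lower().endswith(".exe"):
                dropped[target.lower()] = ev.get("ProcessGuid", "")
        elif eid == 1:
            image = ev.get("Image", "")
            if image.lower() in dropped:  # a file some process wrote is now running
                findings.append({
                    "rule": "Executes dropped EXE",
                    "technique": None,  # the report's ATT&CK table has no row for this signature
                    "image": image,
                    "dropped_by": dropped[image.lower()],
                    "spawned_by": ev.get("ParentProcessGuid"),
                })
        elif eid == 13 and ev.get("EventType") == "SetValue":
            key = ev.get("TargetObject", "")
            if any(marker in key.lower() for marker in RUN_KEY_MARKERS):
                details = ev.get("Details", "")
                findings.append({
                    "rule": "Adds Run key to start application",
                    "technique": "T1547.001",
                    "key": key,
                    "value": details,
                    # substring match tolerates quoting and trailing arguments in the value
                    "points_to_dropped_exe": any(path in details.lower() for path in dropped),
                })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

Run in a real pipeline, the dropped-file map should be keyed per host and expired, since a long-lived process table grows without bound; the correlation itself (written by X, executed, then registered under Run) is what lifts a generic Run-key alert to the confidence the sandbox verdict implies.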