General
- Target: db9219d75da53ab1468d533b43e5628085e72fe7a75586ea2d044c5d3b561ee6
- Size: 480KB
- Sample: 241110-a5yalaymbm
- MD5: 03d9639714f74b4ebea2c0e479256f3a
- SHA1: 421fa1de8c66d80a275c565dfe4085762e573e48
- SHA256: db9219d75da53ab1468d533b43e5628085e72fe7a75586ea2d044c5d3b561ee6
- SHA512: b9ef9297404ae51ee41d3eac22a6f3feb984f683c7c62046a89e1bf040baa6602cbc9d35b2d90b8cb0dae5508fe02842a48a9d8c816441cff474303ae0cd931e
- SSDEEP: 12288:jMrTy90hvgW5ViOPunNqmYyVvNRpz1wd:sya6YcNDj/wd
Static task: static1
Behavioral task: behavioral1
- Sample: db9219d75da53ab1468d533b43e5628085e72fe7a75586ea2d044c5d3b561ee6.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: misar
- C2: 217.196.96.101:4132
- auth_value: 069dd9eeee8cff502b661416888f692a
Targets
- Target: db9219d75da53ab1468d533b43e5628085e72fe7a75586ea2d044c5d3b561ee6 (480KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)