General

Target: e0d36218f9e1d4314f5e57da1ef57853b9dcfbca6801925103aac2476b47f2b0
Size: 690KB
Sample: 241110-a7rwlaymdr
MD5: 70046d70b16ce7045edc2ec277b4a08c
SHA1: 0a21d8f0f330de0e3e1e7428f761464e3fc1c22d
SHA256: e0d36218f9e1d4314f5e57da1ef57853b9dcfbca6801925103aac2476b47f2b0
SHA512: 494d84e9d06694a34b85eee575a6f9abd8b7e4207b05dc178e4acbda27547dd4aed9ef4a97eda936bff9cb330a1bc35b6ddcff3f83939ef3e142e999d7519394
SSDEEP: 12288:aMrsy90qDfCw0t1/UN7sCZ6yLdngq/Czjc79ErdQW2sY:qyJn0tVUuJydnz/Czw9EuN
Static task: static1
Behavioral task: behavioral1
Sample: e0d36218f9e1d4314f5e57da1ef57853b9dcfbca6801925103aac2476b47f2b0.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: redline
  boris
  193.233.20.32:4125
  auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets

Target: e0d36218f9e1d4314f5e57da1ef57853b9dcfbca6801925103aac2476b47f2b0
Size: 690KB
Signatures:
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence:
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)