General
Target: c5b634c1430e8699a6f0b3483d4a46e6b6589b36f7dde29f383656bdea8930d9
Size: 480KB
Sample: 241110-aqp1nsvkc1
MD5: 886d8d0d9ca278b319b358e188cf7b03
SHA1: abc27901e20fbb9eb3c9a383ff16456ceb2a2bf6
SHA256: c5b634c1430e8699a6f0b3483d4a46e6b6589b36f7dde29f383656bdea8930d9
SHA512: 0806f78b4e31438cf136c1528ccd3861f77e87dec4282b37d98d5e859a1adbc5508143358761b1cf4bad7acc6e166e6eb20b7ee4b8d42aa4c4b46dc095042d44
SSDEEP: 6144:Kky+bnr+yp0yN90QErTC4g/+6rkReWEUXctuTP8ULLX/wRaB1cklm6yhlHy2fWqF:sMrGy90c+nDMw6u1FV+bF1ho2NF
Static task: static1
Behavioral task: behavioral1
Sample: c5b634c1430e8699a6f0b3483d4a46e6b6589b36f7dde29f383656bdea8930d9.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: dease
C2: 217.196.96.101:4132
auth_value: 82e4d5f9abc21848e0345118814a4e6c
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
  - Windows Service: 1