General
Target: 8ec37da00aac3abbd1b7d95fd17c35ac22ac685b84b645193c165dbf2fd97b0b
Size: 688KB
Sample: 241110-ar5graykbk
MD5: d82c2c9060300940b2ceb83a9535f50e
SHA1: fa420056685163da13e685f18516141baba7ef86
SHA256: 8ec37da00aac3abbd1b7d95fd17c35ac22ac685b84b645193c165dbf2fd97b0b
SHA512: 12bfdfe0cb8318a49650089807f34b1b6364082a4a22fb67717af64565074c9a47f367c198502308316ff9d0c03ca1fd0c3070a4cf2a93dfb3bd224154dca8eb
SSDEEP: 12288:iMrNy90C8jXuS1ZnVJ8vrK2+/tvg0wiAcVLchJaif9vEy1S1D3pPBer:XyIlVCb+/tvgoASSxlk3pPG
Static task: static1
Behavioral task: behavioral1
Sample: 8ec37da00aac3abbd1b7d95fd17c35ac22ac685b84b645193c165dbf2fd97b0b.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: 8ec37da00aac3abbd1b7d95fd17c35ac22ac685b84b645193c165dbf2fd97b0b
Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1