General
-
Target
25cac4ce801962521dbb6b7e4177763c6ceb23d29237ef463309113bc4cdc423
-
Size
1.5MB
-
Sample
241110-at32psykem
-
MD5
791de287b178ed750401c484f3f4c257
-
SHA1
dc45a8647a0940eac6299c02b32f9f075c0f6780
-
SHA256
25cac4ce801962521dbb6b7e4177763c6ceb23d29237ef463309113bc4cdc423
-
SHA512
773cb29f4a5b5f940d0a97908a7803e69a1924a1fcc044f03213714cd0bc75db7cd556f7b14ec1c2696ccf54c06d3f9d5a6f392bfa9fff0ed1ae9821f18ce9b2
-
SSDEEP
24576:Ny175C0TSmP4SpcwrqmrFE3RTkWGXrvIQCyIYdry7Cyfo3UA7YOZY58:oN5ZTTP4+zrKkl7AQCyIYByxO7fZ
Static task
static1
Behavioral task
behavioral1
Sample
25cac4ce801962521dbb6b7e4177763c6ceb23d29237ef463309113bc4cdc423.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
mazda
217.196.96.56:4138
-
auth_value
3d2870537d84a4c6d7aeecd002871c51
Targets
-
-
Target
25cac4ce801962521dbb6b7e4177763c6ceb23d29237ef463309113bc4cdc423
-
Size
1.5MB
-
MD5
791de287b178ed750401c484f3f4c257
-
SHA1
dc45a8647a0940eac6299c02b32f9f075c0f6780
-
SHA256
25cac4ce801962521dbb6b7e4177763c6ceb23d29237ef463309113bc4cdc423
-
SHA512
773cb29f4a5b5f940d0a97908a7803e69a1924a1fcc044f03213714cd0bc75db7cd556f7b14ec1c2696ccf54c06d3f9d5a6f392bfa9fff0ed1ae9821f18ce9b2
-
SSDEEP
24576:Ny175C0TSmP4SpcwrqmrFE3RTkWGXrvIQCyIYdry7Cyfo3UA7YOZY58:oN5ZTTP4+zrKkl7AQCyIYByxO7fZ
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1