General
-
Target
3e3846ae8134272edf6a18e798f372fd66389dffb9c03410221a3cbd31b8a398
-
Size
479KB
-
Sample
241110-awtwtaykhj
-
MD5
3c74e805b59807f44b8ccbbf0404af38
-
SHA1
cbe7bd9a4e021f854742d5c5458e1f099c205ecf
-
SHA256
3e3846ae8134272edf6a18e798f372fd66389dffb9c03410221a3cbd31b8a398
-
SHA512
1f45f1907df5c7ed20ab2d91e127b1a23f8a2ca74d1266482e0ea23c2e71d9304bc867c8be247b0b1b7d21cfd2ba0d8dea0fe6cc8b98c79efa71a70bfb358c39
-
SSDEEP
12288:pMryy90evXJvKbiixTnQE8I2n+TTIRnh:jy7vQiat89n+T8Rh
Static task
static1
Behavioral task
behavioral1
Sample
3e3846ae8134272edf6a18e798f372fd66389dffb9c03410221a3cbd31b8a398.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
dona
217.196.96.101:4132
-
auth_value
9fbb198992bbc83a84ab1f21384813e3
Targets
-
-
Target
3e3846ae8134272edf6a18e798f372fd66389dffb9c03410221a3cbd31b8a398
-
Size
479KB
-
MD5
3c74e805b59807f44b8ccbbf0404af38
-
SHA1
cbe7bd9a4e021f854742d5c5458e1f099c205ecf
-
SHA256
3e3846ae8134272edf6a18e798f372fd66389dffb9c03410221a3cbd31b8a398
-
SHA512
1f45f1907df5c7ed20ab2d91e127b1a23f8a2ca74d1266482e0ea23c2e71d9304bc867c8be247b0b1b7d21cfd2ba0d8dea0fe6cc8b98c79efa71a70bfb358c39
-
SSDEEP
12288:pMryy90evXJvKbiixTnQE8I2n+TTIRnh:jy7vQiat89n+T8Rh
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1