General

Target: 5550d364d26ae279399d39a2049872ba6eccdf6bcbdcaf96cc689c08b704dad3
Size: 656KB
Sample: 241110-b1y7rszkbl
MD5: b48eb493412048c77c80ad7553268ee0
SHA1: 5261ea796670ea4fb0f719d7e1414fcb95823892
SHA256: 5550d364d26ae279399d39a2049872ba6eccdf6bcbdcaf96cc689c08b704dad3
SHA512: ef9c79be046a7a3c93dfd241d751ea8c5d565e84f17c894c77c95d54883e0c4413bb605fc760bb3d110dd83bc6d96e446612e6308f2bb20c7b9ad8aa5392bf54
SSDEEP: 12288:QMrHy90+e8yCCAYeKxiFy/C3XFRrYyU+u7vjlKLfdgjHT+X+eq2:HyPeVJsKN6HFRr5a7pIGjHkx

Static task: static1
Behavioral task: behavioral1
Sample: 5550d364d26ae279399d39a2049872ba6eccdf6bcbdcaf96cc689c08b704dad3.exe
Resource: win10v2004-20241007-en

Malware Config

Extracted
Family: redline
Botnet: lint
C2: 193.233.20.28:4125
auth_value: 0e95262fb78243c67430f3148303e5b7

Targets

Target: 5550d364d26ae279399d39a2049872ba6eccdf6bcbdcaf96cc689c08b704dad3
Size: 656KB

Signatures
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallet files and basic host information, and sends them to the C2 endpoint recorded in the extracted config above.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547), 1 hit
  - Registry Run Keys / Startup Folder (T1547.001), 1 hit
- Create or Modify System Process (T1543), 1 hit
  - Windows Service (T1543.003), 1 hit
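
As an added example, not part of the sandbox report: the indicators above (the four file hashes, the C2 endpoint 193.233.20.28:4125 and the Run-key persistence behaviour) turned into a small offline matcher that checks a file's digests against the report and flags telemetry events that hit the C2 or a Run/RunOnce key. The log events are constructed for illustration and only loosely shaped like Sysmon EventID 3 (network connection) and EventID 13 (registry value set) records; the field names (type, dst_ip, dst_port, target, image, details) are an assumption about your telemetry, not a real schema.

```python
import hashlib
import re

# Indicators transcribed from the report above.
REPORT_HASHES = {
    "md5": "b48eb493412048c77c80ad7553268ee0",
    "sha1": "5261ea796670ea4fb0f719d7e1414fcb95823892",
    "sha256": "5550d364d26ae279399d39a2049872ba6eccdf6bcbdcaf96cc689c08b704dad3",
    "sha512": "ef9c79be046a7a3c93dfd241d751ea8c5d565e84f17c894c77c95d54883e0c4413bb605fc760bb3d110dd83bc6d96e446612e6308f2bb20c7b9ad8aa5392bf54",
}
C2_IP, C2_PORT = "193.233.20.28", 4125

# Run / RunOnce keys under HKLM or any user hive (ATT&CK T1547.001).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists (MD5, SHA1, SHA256, SHA512), hex-encoded.
    SSDEEP is deliberately left out: it needs a third-party library."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report. For the real sample all four
    entries are True; a single mismatch means you are holding a different file."""
    digests = hash_bytes(data)
    return {name: digests[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


def scan_events(events: list) -> list:
    """Return one alert per event that matches the report's C2 or Run-key persistence."""
    alerts = []
    for ev in events:
        kind = ev.get("type")
        if kind == "network" and ev.get("dst_ip") == C2_IP:
            # Flag any port on the C2 address (operators rotate ports), but label
            # the exact IP:port from the config separately so it can be prioritised.
            exact = ev.get("dst_port") == C2_PORT
            alerts.append({"rule": "redline_c2" if exact else "redline_c2_ip_only", "event": ev})
        elif kind == "registry" and RUN_KEY_RE.search(ev.get("target", "")):
            alerts.append({"rule": "run_key_persistence", "event": ev})
    return alerts


# Constructed events (assumed schema, not from the report). The SID and paths are made up;
# 203.0.113.10 is a documentation address used here as benign traffic.
SAMPLE_EVENTS = [
    {"type": "network", "image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "dst_ip": "193.233.20.28", "dst_port": 4125},
    {"type": "network", "image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "203.0.113.10", "dst_port": 443},
    {"type": "network", "image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "dst_ip": "193.233.20.28", "dst_port": 443},
    {"type": "registry",
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\victim\AppData\Local\Temp\dropped.exe"},
    {"type": "registry",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Startup",
     "details": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"},
]

if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(alert["rule"], alert["event"])
    # To check a file on disk: matches_report(open(path, "rb").read())
    print(matches_report(b"not the sample"))
```

Running the block prints three alerts for the constructed events (the exact C2 hit, the same address on a different port, and the Run-key write) and an all-False hash comparison for the placeholder bytes. Matching on the registry path rather than on the value name is deliberate: the report only says a Run key was added, not what it was called, so a name-based rule would be guessing.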