General
Target: 74bb323d4706c651e15ff471bd498849150c0b0d255e7590cba3021e267ec6c5
Size: 480KB
Sample: 241110-b2b4mawke1
MD5: 0a692d4581365ccded67dfc64fe26d91
SHA1: 8862bc3af1da40110eb628e0e3f935cfa615dc8a
SHA256: 74bb323d4706c651e15ff471bd498849150c0b0d255e7590cba3021e267ec6c5
SHA512: b11bb1e468f8a762e70d3d238e604b28cc88b70c4d2da09546cb51fc3b4df0c15ea3addd3cbc76af92b91ec701197a8ae29978d714a56657e3f0e1c117ac46fd
SSDEEP: 12288:8Mrvy90HpnFEENQZuTmGruaCcer/qYFPANF2Qnaj:byMuZuMUeWYu8o8
Static task: static1
Behavioral task: behavioral1
Sample: 74bb323d4706c651e15ff471bd498849150c0b0d255e7590cba3021e267ec6c5.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
mihan
217.196.96.101:4132
auth_value: 9a6a8fdae02ed7caa0a49a6ddc6d4520
Targets
Target: 74bb323d4706c651e15ff471bd498849150c0b0d255e7590cba3021e267ec6c5
Size: 480KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP values are the same as those listed in the General section above.)
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)