General

Target: 76421e971bc357635b8ae5e3f505e0a8495eee08fe21a608d7e6dd3f6b571936
Size: 553KB
Sample: 241110-b2jhpswkgs
MD5: 4588be228feeda8f8847374e918cdf97
SHA1: e21fb7dbdd01c3345d8d1af067fa3309bbe3339b
SHA256: 76421e971bc357635b8ae5e3f505e0a8495eee08fe21a608d7e6dd3f6b571936
SHA512: cd15507cb10f2a3feb68512f6cfb8870e835f25f44c1f18a292a683159d8061a8e2daeb7bafca6d893ec9cb581f703d07d8733093250ad49597e69c677995b5e
SSDEEP: 12288:ZMrSy90/wXg3d2u2ah8TNegMYBWPcDtUO2lB:PyOb2zahyeNYYkhUOkB
Static task: static1
Behavioral task: behavioral1
Sample: 76421e971bc357635b8ae5e3f505e0a8495eee08fe21a608d7e6dd3f6b571936.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets

Target: 76421e971bc357635b8ae5e3f505e0a8495eee08fe21a608d7e6dd3f6b571936
Size: 553KB
MD5: 4588be228feeda8f8847374e918cdf97
SHA1: e21fb7dbdd01c3345d8d1af067fa3309bbe3339b
SHA256: 76421e971bc357635b8ae5e3f505e0a8495eee08fe21a608d7e6dd3f6b571936
SHA512: cd15507cb10f2a3feb68512f6cfb8870e835f25f44c1f18a292a683159d8061a8e2daeb7bafca6d893ec9cb581f703d07d8733093250ad49597e69c677995b5e
SSDEEP: 12288:ZMrSy90/wXg3d2u2ah8TNegMYBWPcDtUO2lB:PyOb2zahyeNYYkhUOkB
Signatures

Detects Healer, an antivirus disabler dropper
Healer family
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Executes dropped EXE
Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
    Boot or Logon Autostart Execution: 1
        Registry Run Keys / Startup Folder: 1
    Create or Modify System Process: 1
        Windows Service: 1