General
-
Target
062776ef7a20d08c9e92343d49872bf7e002ca33beddc186062264c16e43f39a
-
Size
688KB
-
Sample
241110-b49snswlcx
-
MD5
c8905450b65f99ae405bf621a149acc5
-
SHA1
ad70b0701d6d50537476ebb5147fba617ebe0102
-
SHA256
062776ef7a20d08c9e92343d49872bf7e002ca33beddc186062264c16e43f39a
-
SHA512
93544d2527f2143d8bb03943d646df52e642647f8311c180e532503601b2bf223c7a0aef2c2e48e62f076712d0a5ad2c21c67eff63ca75b41f53304bc1dfc7a5
-
SSDEEP
12288:jMrEy90J8Slz8Do/o5uUH4hlpnKXI5VVmYxSeYy+zB43xXYMhKbvxGdDWXu2:XyM8Slyo/le2l9PmYxSjR4hIMA7xGVw7
Static task
static1
Behavioral task
behavioral1
Sample
062776ef7a20d08c9e92343d49872bf7e002ca33beddc186062264c16e43f39a.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
family: redline
botnet: boris
c2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Targets
-
-
Target
062776ef7a20d08c9e92343d49872bf7e002ca33beddc186062264c16e43f39a
-
Detects Healer, an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (T1547): 1
Registry Run Keys / Startup Folder (T1547.001): 1
Create or Modify System Process (T1543): 1
Windows Service (T1543.003): 1
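The indicators above (the sample hashes, the RedLine C2 193.233.20.32:4125, and the "Adds Run key to start application" signature) are enough to write a small hunt. The script below is an added example, not part of the sandbox report: it runs detection logic over Sysmon-style JSON events for process creation (EventID 1), network connections (EventID 3) and registry value writes (EventID 13). Only the hashes and the C2 address come from the report; the event lines, process paths, SID, the Run-key value name "updater" and the benign events are constructed for illustration and were not observed for this sample.

```python
"""Hunt for this report's RedLine indicators in constructed Sysmon-style events.

Added example, not from the sandbox report. Indicators (C2, hashes) are copied from
the report; all event lines, paths and value names below are constructed.
"""
import json

# Indicators copied from the report: extracted RedLine config and sample hashes.
C2_IP = "193.233.20.32"
C2_PORT = 4125
SAMPLE_SHA256 = "062776ef7a20d08c9e92343d49872bf7e002ca33beddc186062264c16e43f39a"
SAMPLE_MD5 = "c8905450b65f99ae405bf621a149acc5"

# Registry paths covered by "Adds Run key to start application" (T1547.001).
# Compared case-insensitively against the lower-cased TargetObject.
RUN_KEY_MARKERS = (
    "\\currentversion\\run\\",
    "\\currentversion\\runonce\\",
)

# Constructed Sysmon-style events as JSON lines (not real telemetry).
# Event 2 is the C2 beacon, event 4 the Run-key write; events 3 and 5 are benign.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe", "Hashes": "MD5=c8905450b65f99ae405bf621a149acc5,SHA256=062776ef7a20d08c9e92343d49872bf7e002ca33beddc186062264c16e43f39a", "ProcessId": 4120}
{"EventID": 3, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe", "DestinationIp": "193.233.20.32", "DestinationPort": 4125, "ProcessId": 4120}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443, "ProcessId": 5000}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater", "Details": "C:\\Users\\user\\AppData\\Roaming\\updater.exe", "ProcessId": 4120}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\BITS\\Start", "Details": "DWORD (0x00000003)", "ProcessId": 900}
"""


def parse_hashes(field):
    """Turn Sysmon's 'ALG=hex,ALG=hex' Hashes field into {ALG: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, val = part.split("=", 1)
            out[alg.strip().upper()] = val.strip().lower()
    return out


def classify(event):
    """Return a list of (tag, detail) findings for one event; empty if nothing matched."""
    findings = []
    eid = event.get("EventID")
    if eid == 1:
        hashes = parse_hashes(event.get("Hashes", ""))
        if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
            findings.append(("sample_executed", event.get("Image", "")))
    elif eid == 3:
        # Match on the exact ip:port pair from the extracted config.
        if (event.get("DestinationIp") == C2_IP
                and int(event.get("DestinationPort", 0)) == C2_PORT):
            findings.append(("redline_c2", f"{C2_IP}:{C2_PORT}"))
    elif eid == 13:
        target = event.get("TargetObject", "").lower()
        if any(marker in target for marker in RUN_KEY_MARKERS):
            findings.append(("run_key_persistence", event.get("TargetObject", "")))
    return findings


def hunt(lines):
    """Parse JSON-lines events and group findings by the originating ProcessId."""
    hits = {}
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for tag, detail in classify(event):
            hits.setdefault(event.get("ProcessId"), []).append((tag, detail))
    return hits


if __name__ == "__main__":
    for pid, findings in hunt(SAMPLE_EVENTS).items():
        for tag, detail in findings:
            print(f"pid {pid}: {tag} -> {detail}")
```

Grouping by ProcessId is what turns three weak signals into one strong one: a process whose hash matches the sample, that beacons to the extracted C2 and that writes under CurrentVersion\Run in the same session is worth an incident, whereas any single signal (a Run-key write in particular) is common in benign software installs.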