General
-
Target
8c615691fb0b3e27f29de160eaf0256b3bcf414e5a971fd909462b459cc641fd
-
Size
546KB
-
Sample
241110-b52hpazkhn
-
MD5
57406dfe7c00a6609236948c2298c797
-
SHA1
78835d67390faf52218f4c931e3a8373aed57450
-
SHA256
8c615691fb0b3e27f29de160eaf0256b3bcf414e5a971fd909462b459cc641fd
-
SHA512
621435eca4375f104d453958fbd92849eb3caabccebf29bf21b8e4edc3a819522fa1da37b0703a3ad271ef55ea735d86e40cba68611dc58fdfd45f5307fb3dc6
-
SSDEEP
12288:SMrKy90hn1JLK7Dc1gT/BgTmmfKMahlfrUlAKx/2QLPRU:EysJKOTnJahlfrUlAK/2oPRU
Static task
static1
Behavioral task
behavioral1
Sample
8c615691fb0b3e27f29de160eaf0256b3bcf414e5a971fd909462b459cc641fd.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Targets
-
-
Target
8c615691fb0b3e27f29de160eaf0256b3bcf414e5a971fd909462b459cc641fd
-
Size
546KB
-
MD5
57406dfe7c00a6609236948c2298c797
-
SHA1
78835d67390faf52218f4c931e3a8373aed57450
-
SHA256
8c615691fb0b3e27f29de160eaf0256b3bcf414e5a971fd909462b459cc641fd
-
SHA512
621435eca4375f104d453958fbd92849eb3caabccebf29bf21b8e4edc3a819522fa1da37b0703a3ad271ef55ea735d86e40cba68611dc58fdfd45f5307fb3dc6
-
SSDEEP
12288:SMrKy90hn1JLK7Dc1gT/BgTmmfKMahlfrUlAKx/2QLPRU:EysJKOTnJahlfrUlAK/2oPRU
-
Detects Healer an antivirus disabler dropper
-
Healer family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1