General
Target: bdb9445f8869c76dbc0484f5fcc2d20bbf2539e51cd868da376659b5d6213616
Size: 794KB
Sample: 241110-b7wefswlgz
MD5: f0e465a56823e274bfe996db01cc312b
SHA1: 9d24c747588b0463295e3f66fc5c9cbfc436af84
SHA256: bdb9445f8869c76dbc0484f5fcc2d20bbf2539e51cd868da376659b5d6213616
SHA512: 2e1d4ca0125624efb451cad881cc2c6abe1f26fe7eb555dc69026cc9c7ba2d6e9f2789652710ec83aa6262dedcce750abb0d8b9b59953e55e3948af47d458c48
SSDEEP: 24576:YykSqd+C2lIV3Cxgf+OqtitFkIQULofr:fkx2uVzfJbtFqu
Static task: static1
Behavioral task: behavioral1
Sample: bdb9445f8869c76dbc0484f5fcc2d20bbf2539e51cd868da376659b5d6213616.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Targets
Target: bdb9445f8869c76dbc0484f5fcc2d20bbf2539e51cd868da376659b5d6213616
Size: 794KB
MD5: f0e465a56823e274bfe996db01cc312b
SHA1: 9d24c747588b0463295e3f66fc5c9cbfc436af84
SHA256: bdb9445f8869c76dbc0484f5fcc2d20bbf2539e51cd868da376659b5d6213616
SHA512: 2e1d4ca0125624efb451cad881cc2c6abe1f26fe7eb555dc69026cc9c7ba2d6e9f2789652710ec83aa6262dedcce750abb0d8b9b59953e55e3948af47d458c48
SSDEEP: 24576:YykSqd+C2lIV3Cxgf+OqtitFkIQULofr:fkx2uVzfJbtFqu
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)